harness.platform.VaultConnector
Resource for creating a HashiCorp Vault Secret Manager connector.
Example Usage
using System.Collections.Generic;
using Pulumi;
using Harness = Lbrlabs.PulumiPackage.Harness;
return await Deployment.RunAsync(() =>
{
var awsAuth = new Harness.Platform.VaultConnector("awsAuth", new()
{
AccessType = "AWS_IAM",
AwsRegion = "aws_region",
BasePath = "base_path",
Default = false,
DelegateSelectors = new[]
{
"harness-delegate",
},
Description = "test",
Identifier = "identifier",
ReadOnly = true,
RenewalIntervalMinutes = 60,
SecretEngineManuallyConfigured = true,
SecretEngineName = "secret_engine_name",
SecretEngineVersion = 2,
Tags = new[]
{
"foo:bar",
},
UseAwsIam = true,
UseK8sAuth = false,
UseVaultAgent = false,
VaultAwsIamRole = "vault_aws_iam_role",
VaultUrl = "https://vault_url.com",
XvaultAwsIamServerId = $"account.{harness_platform_secret_text.Test.Id}",
});
var appRole = new Harness.Platform.VaultConnector("appRole", new()
{
AccessType = "APP_ROLE",
AppRoleId = "app_role_id",
BasePath = "base_path",
Default = false,
DelegateSelectors = new[]
{
"harness-delegate",
},
Description = "test",
Identifier = "identifier",
ReadOnly = true,
RenewAppRoleToken = true,
RenewalIntervalMinutes = 60,
SecretEngineManuallyConfigured = true,
SecretEngineName = "secret_engine_name",
SecretEngineVersion = 2,
SecretId = $"account.{harness_platform_secret_text.Test.Id}",
Tags = new[]
{
"foo:bar",
},
UseAwsIam = false,
UseK8sAuth = false,
UseVaultAgent = false,
VaultUrl = "https://vault_url.com",
});
var k8sAuth = new Harness.Platform.VaultConnector("k8sAuth", new()
{
AccessType = "K8s_AUTH",
AuthToken = $"account.{harness_platform_secret_text.Test.Id}",
BasePath = "base_path",
Default = false,
DelegateSelectors = new[]
{
"harness-delegate",
},
Description = "test",
Identifier = "identifier",
K8sAuthEndpoint = "k8s_auth_endpoint",
Namespace = "namespace",
ReadOnly = true,
RenewalIntervalMinutes = 10,
SecretEngineManuallyConfigured = true,
SecretEngineName = "secret_engine_name",
SecretEngineVersion = 2,
ServiceAccountTokenPath = "service_account_token_path",
Tags = new[]
{
"foo:bar",
},
UseAwsIam = false,
UseK8sAuth = true,
UseVaultAgent = false,
VaultAwsIamRole = "vault_aws_iam_role",
VaultK8sAuthRole = "vault_k8s_auth_role",
VaultUrl = "https://vault_url.com",
});
var vaultAgent = new Harness.Platform.VaultConnector("vaultAgent", new()
{
AccessType = "VAULT_AGENT",
AuthToken = $"account.{harness_platform_secret_text.Test.Id}",
BasePath = "base_path",
Default = false,
DelegateSelectors = new[]
{
"harness-delegate",
},
Description = "test",
Identifier = "identifier",
Namespace = "namespace",
ReadOnly = true,
RenewalIntervalMinutes = 10,
SecretEngineManuallyConfigured = true,
SecretEngineName = "secret_engine_name",
SecretEngineVersion = 2,
SinkPath = "sink_path",
Tags = new[]
{
"foo:bar",
},
UseAwsIam = false,
UseK8sAuth = false,
UseVaultAgent = true,
VaultUrl = "https://vault_url.com",
});
var token = new Harness.Platform.VaultConnector("token", new()
{
AccessType = "TOKEN",
AuthToken = $"account.{harness_platform_secret_text.Test.Id}",
BasePath = "base_path",
Default = false,
Description = "test",
Identifier = "identifier",
Namespace = "namespace",
ReadOnly = true,
RenewalIntervalMinutes = 10,
SecretEngineManuallyConfigured = true,
SecretEngineName = "secret_engine_name",
SecretEngineVersion = 2,
Tags = new[]
{
"foo:bar",
},
UseAwsIam = false,
UseK8sAuth = false,
VaultUrl = "https://vault_url.com",
});
});
package main
import (
"fmt"
"github.com/lbrlabs/pulumi-harness/sdk/go/harness/platform"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := platform.NewVaultConnector(ctx, "awsAuth", &platform.VaultConnectorArgs{
AccessType: pulumi.String("AWS_IAM"),
AwsRegion: pulumi.String("aws_region"),
BasePath: pulumi.String("base_path"),
Default: pulumi.Bool(false),
DelegateSelectors: pulumi.StringArray{
pulumi.String("harness-delegate"),
},
Description: pulumi.String("test"),
Identifier: pulumi.String("identifier"),
ReadOnly: pulumi.Bool(true),
RenewalIntervalMinutes: pulumi.Int(60),
SecretEngineManuallyConfigured: pulumi.Bool(true),
SecretEngineName: pulumi.String("secret_engine_name"),
SecretEngineVersion: pulumi.Int(2),
Tags: pulumi.StringArray{
pulumi.String("foo:bar"),
},
UseAwsIam: pulumi.Bool(true),
UseK8sAuth: pulumi.Bool(false),
UseVaultAgent: pulumi.Bool(false),
VaultAwsIamRole: pulumi.String("vault_aws_iam_role"),
VaultUrl: pulumi.String("https://vault_url.com"),
XvaultAwsIamServerId: pulumi.String(fmt.Sprintf("account.%v", harness_platform_secret_text.Test.Id)),
})
if err != nil {
return err
}
_, err = platform.NewVaultConnector(ctx, "appRole", &platform.VaultConnectorArgs{
AccessType: pulumi.String("APP_ROLE"),
AppRoleId: pulumi.String("app_role_id"),
BasePath: pulumi.String("base_path"),
Default: pulumi.Bool(false),
DelegateSelectors: pulumi.StringArray{
pulumi.String("harness-delegate"),
},
Description: pulumi.String("test"),
Identifier: pulumi.String("identifier"),
ReadOnly: pulumi.Bool(true),
RenewAppRoleToken: pulumi.Bool(true),
RenewalIntervalMinutes: pulumi.Int(60),
SecretEngineManuallyConfigured: pulumi.Bool(true),
SecretEngineName: pulumi.String("secret_engine_name"),
SecretEngineVersion: pulumi.Int(2),
SecretId: pulumi.String(fmt.Sprintf("account.%v", harness_platform_secret_text.Test.Id)),
Tags: pulumi.StringArray{
pulumi.String("foo:bar"),
},
UseAwsIam: pulumi.Bool(false),
UseK8sAuth: pulumi.Bool(false),
UseVaultAgent: pulumi.Bool(false),
VaultUrl: pulumi.String("https://vault_url.com"),
})
if err != nil {
return err
}
_, err = platform.NewVaultConnector(ctx, "k8sAuth", &platform.VaultConnectorArgs{
AccessType: pulumi.String("K8s_AUTH"),
AuthToken: pulumi.String(fmt.Sprintf("account.%v", harness_platform_secret_text.Test.Id)),
BasePath: pulumi.String("base_path"),
Default: pulumi.Bool(false),
DelegateSelectors: pulumi.StringArray{
pulumi.String("harness-delegate"),
},
Description: pulumi.String("test"),
Identifier: pulumi.String("identifier"),
K8sAuthEndpoint: pulumi.String("k8s_auth_endpoint"),
Namespace: pulumi.String("namespace"),
ReadOnly: pulumi.Bool(true),
RenewalIntervalMinutes: pulumi.Int(10),
SecretEngineManuallyConfigured: pulumi.Bool(true),
SecretEngineName: pulumi.String("secret_engine_name"),
SecretEngineVersion: pulumi.Int(2),
ServiceAccountTokenPath: pulumi.String("service_account_token_path"),
Tags: pulumi.StringArray{
pulumi.String("foo:bar"),
},
UseAwsIam: pulumi.Bool(false),
UseK8sAuth: pulumi.Bool(true),
UseVaultAgent: pulumi.Bool(false),
VaultAwsIamRole: pulumi.String("vault_aws_iam_role"),
VaultK8sAuthRole: pulumi.String("vault_k8s_auth_role"),
VaultUrl: pulumi.String("https://vault_url.com"),
})
if err != nil {
return err
}
_, err = platform.NewVaultConnector(ctx, "vaultAgent", &platform.VaultConnectorArgs{
AccessType: pulumi.String("VAULT_AGENT"),
AuthToken: pulumi.String(fmt.Sprintf("account.%v", harness_platform_secret_text.Test.Id)),
BasePath: pulumi.String("base_path"),
Default: pulumi.Bool(false),
DelegateSelectors: pulumi.StringArray{
pulumi.String("harness-delegate"),
},
Description: pulumi.String("test"),
Identifier: pulumi.String("identifier"),
Namespace: pulumi.String("namespace"),
ReadOnly: pulumi.Bool(true),
RenewalIntervalMinutes: pulumi.Int(10),
SecretEngineManuallyConfigured: pulumi.Bool(true),
SecretEngineName: pulumi.String("secret_engine_name"),
SecretEngineVersion: pulumi.Int(2),
SinkPath: pulumi.String("sink_path"),
Tags: pulumi.StringArray{
pulumi.String("foo:bar"),
},
UseAwsIam: pulumi.Bool(false),
UseK8sAuth: pulumi.Bool(false),
UseVaultAgent: pulumi.Bool(true),
VaultUrl: pulumi.String("https://vault_url.com"),
})
if err != nil {
return err
}
_, err = platform.NewVaultConnector(ctx, "token", &platform.VaultConnectorArgs{
AccessType: pulumi.String("TOKEN"),
AuthToken: pulumi.String(fmt.Sprintf("account.%v", harness_platform_secret_text.Test.Id)),
BasePath: pulumi.String("base_path"),
Default: pulumi.Bool(false),
Description: pulumi.String("test"),
Identifier: pulumi.String("identifier"),
Namespace: pulumi.String("namespace"),
ReadOnly: pulumi.Bool(true),
RenewalIntervalMinutes: pulumi.Int(10),
SecretEngineManuallyConfigured: pulumi.Bool(true),
SecretEngineName: pulumi.String("secret_engine_name"),
SecretEngineVersion: pulumi.Int(2),
Tags: pulumi.StringArray{
pulumi.String("foo:bar"),
},
UseAwsIam: pulumi.Bool(false),
UseK8sAuth: pulumi.Bool(false),
VaultUrl: pulumi.String("https://vault_url.com"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.harness.platform.VaultConnector;
import com.pulumi.harness.platform.VaultConnectorArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var awsAuth = new VaultConnector("awsAuth", VaultConnectorArgs.builder()
.accessType("AWS_IAM")
.awsRegion("aws_region")
.basePath("base_path")
.default_(false)
.delegateSelectors("harness-delegate")
.description("test")
.identifier("identifier")
.readOnly(true)
.renewalIntervalMinutes(60)
.secretEngineManuallyConfigured(true)
.secretEngineName("secret_engine_name")
.secretEngineVersion(2)
.tags("foo:bar")
.useAwsIam(true)
.useK8sAuth(false)
.useVaultAgent(false)
.vaultAwsIamRole("vault_aws_iam_role")
.vaultUrl("https://vault_url.com")
.xvaultAwsIamServerId(String.format("account.%s", harness_platform_secret_text.test().id()))
.build());
var appRole = new VaultConnector("appRole", VaultConnectorArgs.builder()
.accessType("APP_ROLE")
.appRoleId("app_role_id")
.basePath("base_path")
.default_(false)
.delegateSelectors("harness-delegate")
.description("test")
.identifier("identifier")
.readOnly(true)
.renewAppRoleToken(true)
.renewalIntervalMinutes(60)
.secretEngineManuallyConfigured(true)
.secretEngineName("secret_engine_name")
.secretEngineVersion(2)
.secretId(String.format("account.%s", harness_platform_secret_text.test().id()))
.tags("foo:bar")
.useAwsIam(false)
.useK8sAuth(false)
.useVaultAgent(false)
.vaultUrl("https://vault_url.com")
.build());
var k8sAuth = new VaultConnector("k8sAuth", VaultConnectorArgs.builder()
.accessType("K8s_AUTH")
.authToken(String.format("account.%s", harness_platform_secret_text.test().id()))
.basePath("base_path")
.default_(false)
.delegateSelectors("harness-delegate")
.description("test")
.identifier("identifier")
.k8sAuthEndpoint("k8s_auth_endpoint")
.namespace("namespace")
.readOnly(true)
.renewalIntervalMinutes(10)
.secretEngineManuallyConfigured(true)
.secretEngineName("secret_engine_name")
.secretEngineVersion(2)
.serviceAccountTokenPath("service_account_token_path")
.tags("foo:bar")
.useAwsIam(false)
.useK8sAuth(true)
.useVaultAgent(false)
.vaultAwsIamRole("vault_aws_iam_role")
.vaultK8sAuthRole("vault_k8s_auth_role")
.vaultUrl("https://vault_url.com")
.build());
var vaultAgent = new VaultConnector("vaultAgent", VaultConnectorArgs.builder()
.accessType("VAULT_AGENT")
.authToken(String.format("account.%s", harness_platform_secret_text.test().id()))
.basePath("base_path")
.default_(false)
.delegateSelectors("harness-delegate")
.description("test")
.identifier("identifier")
.namespace("namespace")
.readOnly(true)
.renewalIntervalMinutes(10)
.secretEngineManuallyConfigured(true)
.secretEngineName("secret_engine_name")
.secretEngineVersion(2)
.sinkPath("sink_path")
.tags("foo:bar")
.useAwsIam(false)
.useK8sAuth(false)
.useVaultAgent(true)
.vaultUrl("https://vault_url.com")
.build());
var token = new VaultConnector("token", VaultConnectorArgs.builder()
.accessType("TOKEN")
.authToken(String.format("account.%s", harness_platform_secret_text.test().id()))
.basePath("base_path")
.default_(false)
.description("test")
.identifier("identifier")
.namespace("namespace")
.readOnly(true)
.renewalIntervalMinutes(10)
.secretEngineManuallyConfigured(true)
.secretEngineName("secret_engine_name")
.secretEngineVersion(2)
.tags("foo:bar")
.useAwsIam(false)
.useK8sAuth(false)
.vaultUrl("https://vault_url.com")
.build());
}
}
import pulumi
import lbrlabs_pulumi_harness as harness
aws_auth = harness.platform.VaultConnector("awsAuth",
access_type="AWS_IAM",
aws_region="aws_region",
base_path="base_path",
default=False,
delegate_selectors=["harness-delegate"],
description="test",
identifier="identifier",
read_only=True,
renewal_interval_minutes=60,
secret_engine_manually_configured=True,
secret_engine_name="secret_engine_name",
secret_engine_version=2,
tags=["foo:bar"],
use_aws_iam=True,
use_k8s_auth=False,
use_vault_agent=False,
vault_aws_iam_role="vault_aws_iam_role",
vault_url="https://vault_url.com",
xvault_aws_iam_server_id=f"account.{harness_platform_secret_text['test']['id']}")
app_role = harness.platform.VaultConnector("appRole",
access_type="APP_ROLE",
app_role_id="app_role_id",
base_path="base_path",
default=False,
delegate_selectors=["harness-delegate"],
description="test",
identifier="identifier",
read_only=True,
renew_app_role_token=True,
renewal_interval_minutes=60,
secret_engine_manually_configured=True,
secret_engine_name="secret_engine_name",
secret_engine_version=2,
secret_id=f"account.{harness_platform_secret_text['test']['id']}",
tags=["foo:bar"],
use_aws_iam=False,
use_k8s_auth=False,
use_vault_agent=False,
vault_url="https://vault_url.com")
k8s_auth = harness.platform.VaultConnector("k8sAuth",
access_type="K8s_AUTH",
auth_token=f"account.{harness_platform_secret_text['test']['id']}",
base_path="base_path",
default=False,
delegate_selectors=["harness-delegate"],
description="test",
identifier="identifier",
k8s_auth_endpoint="k8s_auth_endpoint",
namespace="namespace",
read_only=True,
renewal_interval_minutes=10,
secret_engine_manually_configured=True,
secret_engine_name="secret_engine_name",
secret_engine_version=2,
service_account_token_path="service_account_token_path",
tags=["foo:bar"],
use_aws_iam=False,
use_k8s_auth=True,
use_vault_agent=False,
vault_aws_iam_role="vault_aws_iam_role",
vault_k8s_auth_role="vault_k8s_auth_role",
vault_url="https://vault_url.com")
vault_agent = harness.platform.VaultConnector("vaultAgent",
access_type="VAULT_AGENT",
auth_token=f"account.{harness_platform_secret_text['test']['id']}",
base_path="base_path",
default=False,
delegate_selectors=["harness-delegate"],
description="test",
identifier="identifier",
namespace="namespace",
read_only=True,
renewal_interval_minutes=10,
secret_engine_manually_configured=True,
secret_engine_name="secret_engine_name",
secret_engine_version=2,
sink_path="sink_path",
tags=["foo:bar"],
use_aws_iam=False,
use_k8s_auth=False,
use_vault_agent=True,
vault_url="https://vault_url.com")
token = harness.platform.VaultConnector("token",
access_type="TOKEN",
auth_token=f"account.{harness_platform_secret_text['test']['id']}",
base_path="base_path",
default=False,
description="test",
identifier="identifier",
namespace="namespace",
read_only=True,
renewal_interval_minutes=10,
secret_engine_manually_configured=True,
secret_engine_name="secret_engine_name",
secret_engine_version=2,
tags=["foo:bar"],
use_aws_iam=False,
use_k8s_auth=False,
vault_url="https://vault_url.com")
import * as pulumi from "@pulumi/pulumi";
import * as harness from "@pulumi/harness";
const awsAuth = new harness.platform.VaultConnector("aws_auth", {
accessType: "AWS_IAM",
awsRegion: "aws_region",
basePath: "base_path",
default: false,
delegateSelectors: ["harness-delegate"],
description: "test",
identifier: "identifier",
readOnly: true,
renewalIntervalMinutes: 60,
secretEngineManuallyConfigured: true,
secretEngineName: "secret_engine_name",
secretEngineVersion: 2,
tags: ["foo:bar"],
useAwsIam: true,
useK8sAuth: false,
useVaultAgent: false,
vaultAwsIamRole: "vault_aws_iam_role",
vaultUrl: "https://vault_url.com",
xvaultAwsIamServerId: pulumi.interpolate`account.${harness_platform_secret_text_test.id}`,
});
const appRole = new harness.platform.VaultConnector("app_role", {
accessType: "APP_ROLE",
appRoleId: "app_role_id",
basePath: "base_path",
default: false,
delegateSelectors: ["harness-delegate"],
description: "test",
identifier: "identifier",
readOnly: true,
renewAppRoleToken: true,
renewalIntervalMinutes: 60,
secretEngineManuallyConfigured: true,
secretEngineName: "secret_engine_name",
secretEngineVersion: 2,
secretId: pulumi.interpolate`account.${harness_platform_secret_text_test.id}`,
tags: ["foo:bar"],
useAwsIam: false,
useK8sAuth: false,
useVaultAgent: false,
vaultUrl: "https://vault_url.com",
});
const k8sAuth = new harness.platform.VaultConnector("k8s_auth", {
accessType: "K8s_AUTH",
authToken: pulumi.interpolate`account.${harness_platform_secret_text_test.id}`,
basePath: "base_path",
default: false,
delegateSelectors: ["harness-delegate"],
description: "test",
identifier: "identifier",
k8sAuthEndpoint: "k8s_auth_endpoint",
namespace: "namespace",
readOnly: true,
renewalIntervalMinutes: 10,
secretEngineManuallyConfigured: true,
secretEngineName: "secret_engine_name",
secretEngineVersion: 2,
serviceAccountTokenPath: "service_account_token_path",
tags: ["foo:bar"],
useAwsIam: false,
useK8sAuth: true,
useVaultAgent: false,
vaultAwsIamRole: "vault_aws_iam_role",
vaultK8sAuthRole: "vault_k8s_auth_role",
vaultUrl: "https://vault_url.com",
});
const vaultAgent = new harness.platform.VaultConnector("vault_agent", {
accessType: "VAULT_AGENT",
authToken: pulumi.interpolate`account.${harness_platform_secret_text_test.id}`,
basePath: "base_path",
default: false,
delegateSelectors: ["harness-delegate"],
description: "test",
identifier: "identifier",
namespace: "namespace",
readOnly: true,
renewalIntervalMinutes: 10,
secretEngineManuallyConfigured: true,
secretEngineName: "secret_engine_name",
secretEngineVersion: 2,
sinkPath: "sink_path",
tags: ["foo:bar"],
useAwsIam: false,
useK8sAuth: false,
useVaultAgent: true,
vaultUrl: "https://vault_url.com",
});
const token = new harness.platform.VaultConnector("token", {
accessType: "TOKEN",
authToken: pulumi.interpolate`account.${harness_platform_secret_text_test.id}`,
basePath: "base_path",
default: false,
description: "test",
identifier: "identifier",
namespace: "namespace",
readOnly: true,
renewalIntervalMinutes: 10,
secretEngineManuallyConfigured: true,
secretEngineName: "secret_engine_name",
secretEngineVersion: 2,
tags: ["foo:bar"],
useAwsIam: false,
useK8sAuth: false,
vaultUrl: "https://vault_url.com",
});
resources:
awsAuth:
type: harness:platform:VaultConnector
properties:
accessType: AWS_IAM
awsRegion: aws_region
basePath: base_path
default: false
delegateSelectors:
- harness-delegate
description: test
identifier: identifier
readOnly: true
renewalIntervalMinutes: 60
secretEngineManuallyConfigured: true
secretEngineName: secret_engine_name
secretEngineVersion: 2
tags:
- foo:bar
useAwsIam: true
useK8sAuth: false
useVaultAgent: false
vaultAwsIamRole: vault_aws_iam_role
vaultUrl: https://vault_url.com
xvaultAwsIamServerId: account.${harness_platform_secret_text.test.id}
appRole:
type: harness:platform:VaultConnector
properties:
accessType: APP_ROLE
appRoleId: app_role_id
basePath: base_path
default: false
delegateSelectors:
- harness-delegate
description: test
identifier: identifier
readOnly: true
renewAppRoleToken: true
renewalIntervalMinutes: 60
secretEngineManuallyConfigured: true
secretEngineName: secret_engine_name
secretEngineVersion: 2
secretId: account.${harness_platform_secret_text.test.id}
tags:
- foo:bar
useAwsIam: false
useK8sAuth: false
useVaultAgent: false
vaultUrl: https://vault_url.com
k8sAuth:
type: harness:platform:VaultConnector
properties:
accessType: K8s_AUTH
authToken: account.${harness_platform_secret_text.test.id}
basePath: base_path
default: false
delegateSelectors:
- harness-delegate
description: test
identifier: identifier
k8sAuthEndpoint: k8s_auth_endpoint
namespace: namespace
readOnly: true
renewalIntervalMinutes: 10
secretEngineManuallyConfigured: true
secretEngineName: secret_engine_name
secretEngineVersion: 2
serviceAccountTokenPath: service_account_token_path
tags:
- foo:bar
useAwsIam: false
useK8sAuth: true
useVaultAgent: false
vaultAwsIamRole: vault_aws_iam_role
vaultK8sAuthRole: vault_k8s_auth_role
vaultUrl: https://vault_url.com
vaultAgent:
type: harness:platform:VaultConnector
properties:
accessType: VAULT_AGENT
authToken: account.${harness_platform_secret_text.test.id}
basePath: base_path
default: false
delegateSelectors:
- harness-delegate
description: test
identifier: identifier
namespace: namespace
readOnly: true
renewalIntervalMinutes: 10
secretEngineManuallyConfigured: true
secretEngineName: secret_engine_name
secretEngineVersion: 2
sinkPath: sink_path
tags:
- foo:bar
useAwsIam: false
useK8sAuth: false
useVaultAgent: true
vaultUrl: https://vault_url.com
token:
type: harness:platform:VaultConnector
properties:
accessType: TOKEN
authToken: account.${harness_platform_secret_text.test.id}
basePath: base_path
default: false
description: test
identifier: identifier
namespace: namespace
readOnly: true
renewalIntervalMinutes: 10
secretEngineManuallyConfigured: true
secretEngineName: secret_engine_name
secretEngineVersion: 2
tags:
- foo:bar
useAwsIam: false
useK8sAuth: false
vaultUrl: https://vault_url.com
Create VaultConnector Resource
new VaultConnector(name: string, args: VaultConnectorArgs, opts?: CustomResourceOptions);@overload
def VaultConnector(resource_name: str,
opts: Optional[ResourceOptions] = None,
access_type: Optional[str] = None,
app_role_id: Optional[str] = None,
auth_token: Optional[str] = None,
aws_region: Optional[str] = None,
base_path: Optional[str] = None,
default: Optional[bool] = None,
delegate_selectors: Optional[Sequence[str]] = None,
description: Optional[str] = None,
identifier: Optional[str] = None,
is_default: Optional[bool] = None,
is_read_only: Optional[bool] = None,
k8s_auth_endpoint: Optional[str] = None,
name: Optional[str] = None,
namespace: Optional[str] = None,
org_id: Optional[str] = None,
project_id: Optional[str] = None,
read_only: Optional[bool] = None,
renew_app_role_token: Optional[bool] = None,
renewal_interval_minutes: Optional[int] = None,
secret_engine_manually_configured: Optional[bool] = None,
secret_engine_name: Optional[str] = None,
secret_engine_version: Optional[int] = None,
secret_id: Optional[str] = None,
service_account_token_path: Optional[str] = None,
sink_path: Optional[str] = None,
tags: Optional[Sequence[str]] = None,
use_aws_iam: Optional[bool] = None,
use_k8s_auth: Optional[bool] = None,
use_vault_agent: Optional[bool] = None,
vault_aws_iam_role: Optional[str] = None,
vault_k8s_auth_role: Optional[str] = None,
vault_url: Optional[str] = None,
xvault_aws_iam_server_id: Optional[str] = None)
@overload
def VaultConnector(resource_name: str,
args: VaultConnectorArgs,
opts: Optional[ResourceOptions] = None)func NewVaultConnector(ctx *Context, name string, args VaultConnectorArgs, opts ...ResourceOption) (*VaultConnector, error)public VaultConnector(string name, VaultConnectorArgs args, CustomResourceOptions? opts = null)
public VaultConnector(String name, VaultConnectorArgs args)
public VaultConnector(String name, VaultConnectorArgs args, CustomResourceOptions options)
type: harness:platform:VaultConnector
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args VaultConnectorArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args VaultConnectorArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args VaultConnectorArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args VaultConnectorArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args VaultConnectorArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
VaultConnector Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The VaultConnector resource accepts the following input properties:
- Identifier string
Unique identifier of the resource.
- Renewal
Interval intMinutes The time interval for the token renewal.
- Vault
Url string URL of the HashiCorp Vault.
- Access
Type string Access type.
- App
Role stringId ID of App Role.
- Auth
Token string Authentication token for Vault.
- Aws
Region string AWS region where the AWS IAM authentication will happen.
- Base
Path string Location of the Vault directory where the secret will be stored.
- Default bool
Is default or not.
- Delegate
Selectors List<string> List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
- Description string
Description of the resource.
- Is
Default bool Is default or not.
- Is
Read boolOnly Read only or not.
- K8s
Auth stringEndpoint The path where Kubernetes Auth is enabled in Vault.
- Name string
Name of the resource.
- Namespace string
Vault namespace where the Secret will be created.
- Org
Id string Unique identifier of the Organization.
- Project
Id string Unique identifier of the Project.
- Read
Only bool Read only.
- Renew
App boolRole Token Boolean value to indicate if AppRole token renewal is enabled or not.
- Secret
Engine boolManually Configured Manually entered Secret Engine.
- Secret
Engine stringName Name of the Secret Engine.
- Secret
Engine intVersion Version of Secret Engine.
- Secret
Id string ID of the Secret.
- Service
Account stringToken Path The Service Account token path in the K8s pod where the token is mounted.
- Sink
Path string The location from which the authentication token should be read.
- List<string>
Tags to associate with the resource. Tags should be in the form
name:value.- Use
Aws boolIam Boolean value to indicate if AWS IAM is used for authentication.
- Use
K8s boolAuth Boolean value to indicate if K8s Auth is used for authentication.
- Use
Vault boolAgent Boolean value to indicate if Vault Agent is used for authentication.
- Vault
Aws stringIam Role The Vault role defined to bind to aws iam account/role being accessed.
- Vault
K8s stringAuth Role The role where K8s Auth will happen.
- Xvault
Aws stringIam Server Id The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
- Identifier string
Unique identifier of the resource.
- Renewal
Interval intMinutes The time interval for the token renewal.
- Vault
Url string URL of the HashiCorp Vault.
- Access
Type string Access type.
- App
Role stringId ID of App Role.
- Auth
Token string Authentication token for Vault.
- Aws
Region string AWS region where the AWS IAM authentication will happen.
- Base
Path string Location of the Vault directory where the secret will be stored.
- Default bool
Is default or not.
- Delegate
Selectors []string List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
- Description string
Description of the resource.
- Is
Default bool Is default or not.
- Is
Read boolOnly Read only or not.
- K8s
Auth stringEndpoint The path where Kubernetes Auth is enabled in Vault.
- Name string
Name of the resource.
- Namespace string
Vault namespace where the Secret will be created.
- Org
Id string Unique identifier of the Organization.
- Project
Id string Unique identifier of the Project.
- Read
Only bool Read only.
- Renew
App boolRole Token Boolean value to indicate if AppRole token renewal is enabled or not.
- Secret
Engine boolManually Configured Manually entered Secret Engine.
- Secret
Engine stringName Name of the Secret Engine.
- Secret
Engine intVersion Version of Secret Engine.
- Secret
Id string ID of the Secret.
- Service
Account stringToken Path The Service Account token path in the K8s pod where the token is mounted.
- Sink
Path string The location from which the authentication token should be read.
- []string
Tags to associate with the resource. Tags should be in the form
name:value.- Use
Aws boolIam Boolean value to indicate if AWS IAM is used for authentication.
- Use
K8s boolAuth Boolean value to indicate if K8s Auth is used for authentication.
- Use
Vault boolAgent Boolean value to indicate if Vault Agent is used for authentication.
- Vault
Aws stringIam Role The Vault role defined to bind to aws iam account/role being accessed.
- Vault
K8s stringAuth Role The role where K8s Auth will happen.
- Xvault
Aws stringIam Server Id The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
- identifier String
Unique identifier of the resource.
- renewal
Interval IntegerMinutes The time interval for the token renewal.
- vault
Url String URL of the HashiCorp Vault.
- access
Type String Access type.
- app
Role StringId ID of App Role.
- auth
Token String Authentication token for Vault.
- aws
Region String AWS region where the AWS IAM authentication will happen.
- base
Path String Location of the Vault directory where the secret will be stored.
- default_ Boolean
Is default or not.
- delegate
Selectors List<String> List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
- description String
Description of the resource.
- is
Default Boolean Is default or not.
- is
Read BooleanOnly Read only or not.
- k8s
Auth StringEndpoint The path where Kubernetes Auth is enabled in Vault.
- name String
Name of the resource.
- namespace String
Vault namespace where the Secret will be created.
- org
Id String Unique identifier of the Organization.
- project
Id String Unique identifier of the Project.
- read
Only Boolean Read only.
- renew
App BooleanRole Token Boolean value to indicate if AppRole token renewal is enabled or not.
- secret
Engine BooleanManually Configured Manually entered Secret Engine.
- secret
Engine StringName Name of the Secret Engine.
- secret
Engine IntegerVersion Version of Secret Engine.
- secret
Id String ID of the Secret.
- service
Account StringToken Path The Service Account token path in the K8s pod where the token is mounted.
- sink
Path String The location from which the authentication token should be read.
- List<String>
Tags to associate with the resource. Tags should be in the form
name:value.- use
Aws BooleanIam Boolean value to indicate if AWS IAM is used for authentication.
- use
K8s BooleanAuth Boolean value to indicate if K8s Auth is used for authentication.
- use
Vault BooleanAgent Boolean value to indicate if Vault Agent is used for authentication.
- vault
Aws StringIam Role The Vault role defined to bind to aws iam account/role being accessed.
- vault
K8s StringAuth Role The role where K8s Auth will happen.
- xvault
Aws StringIam Server Id The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
- identifier string
Unique identifier of the resource.
- renewal
Interval numberMinutes The time interval for the token renewal.
- vault
Url string URL of the HashiCorp Vault.
- access
Type string Access type.
- app
Role stringId ID of App Role.
- auth
Token string Authentication token for Vault.
- aws
Region string AWS region where the AWS IAM authentication will happen.
- base
Path string Location of the Vault directory where the secret will be stored.
- default boolean
Is default or not.
- delegate
Selectors string[] List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
- description string
Description of the resource.
- is
Default boolean Is default or not.
- is
Read booleanOnly Read only or not.
- k8s
Auth stringEndpoint The path where Kubernetes Auth is enabled in Vault.
- name string
Name of the resource.
- namespace string
Vault namespace where the Secret will be created.
- org
Id string Unique identifier of the Organization.
- project
Id string Unique identifier of the Project.
- read
Only boolean Read only.
- renew
App booleanRole Token Boolean value to indicate if AppRole token renewal is enabled or not.
- secret
Engine booleanManually Configured Manually entered Secret Engine.
- secret
Engine stringName Name of the Secret Engine.
- secret
Engine numberVersion Version of Secret Engine.
- secret
Id string ID of the Secret.
- service
Account stringToken Path The Service Account token path in the K8s pod where the token is mounted.
- sink
Path string The location from which the authentication token should be read.
- string[]
Tags to associate with the resource. Tags should be in the form
name:value.- use
Aws booleanIam Boolean value to indicate if AWS IAM is used for authentication.
- use
K8s booleanAuth Boolean value to indicate if K8s Auth is used for authentication.
- use
Vault booleanAgent Boolean value to indicate if Vault Agent is used for authentication.
- vault
Aws stringIam Role The Vault role defined to bind to aws iam account/role being accessed.
- vault
K8s stringAuth Role The role where K8s Auth will happen.
- xvault
Aws stringIam Server Id The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
- identifier str
Unique identifier of the resource.
- renewal_
interval_ intminutes The time interval for the token renewal.
- vault_
url str URL of the HashiCorp Vault.
- access_
type str Access type.
- app_
role_ strid ID of App Role.
- auth_
token str Authentication token for Vault.
- aws_
region str AWS region where the AWS IAM authentication will happen.
- base_
path str Location of the Vault directory where the secret will be stored.
- default bool
Is default or not.
- delegate_
selectors Sequence[str] List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
- description str
Description of the resource.
- is_
default bool Is default or not.
- is_
read_ boolonly Read only or not.
- k8s_
auth_ strendpoint The path where Kubernetes Auth is enabled in Vault.
- name str
Name of the resource.
- namespace str
Vault namespace where the Secret will be created.
- org_
id str Unique identifier of the Organization.
- project_
id str Unique identifier of the Project.
- read_
only bool Read only.
- renew_
app_ boolrole_ token Boolean value to indicate if AppRole token renewal is enabled or not.
- secret_
engine_ boolmanually_ configured Manually entered Secret Engine.
- secret_
engine_ strname Name of the Secret Engine.
- secret_
engine_ intversion Version of Secret Engine.
- secret_
id str ID of the Secret.
- service_
account_ strtoken_ path The Service Account token path in the K8s pod where the token is mounted.
- sink_
path str The location from which the authentication token should be read.
- Sequence[str]
Tags to associate with the resource. Tags should be in the form
name:value.- use_
aws_ booliam Boolean value to indicate if AWS IAM is used for authentication.
- use_
k8s_ boolauth Boolean value to indicate if K8s Auth is used for authentication.
- use_
vault_ boolagent Boolean value to indicate if Vault Agent is used for authentication.
- vault_
aws_ striam_ role The Vault role defined to bind to aws iam account/role being accessed.
- vault_
k8s_ strauth_ role The role where K8s Auth will happen.
- xvault_
aws_ striam_ server_ id The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
- identifier String
Unique identifier of the resource.
- renewal
Interval NumberMinutes The time interval for the token renewal.
- vault
Url String URL of the HashiCorp Vault.
- access
Type String Access type.
- app
Role StringId ID of App Role.
- auth
Token String Authentication token for Vault.
- aws
Region String AWS region where the AWS IAM authentication will happen.
- base
Path String Location of the Vault directory where the secret will be stored.
- default Boolean
Is default or not.
- delegate
Selectors List<String> List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
- description String
Description of the resource.
- is
Default Boolean Is default or not.
- is
Read BooleanOnly Read only or not.
- k8s
Auth StringEndpoint The path where Kubernetes Auth is enabled in Vault.
- name String
Name of the resource.
- namespace String
Vault namespace where the Secret will be created.
- org
Id String Unique identifier of the Organization.
- project
Id String Unique identifier of the Project.
- read
Only Boolean Read only.
- renew
App BooleanRole Token Boolean value to indicate if AppRole token renewal is enabled or not.
- secret
Engine BooleanManually Configured Manually entered Secret Engine.
- secret
Engine StringName Name of the Secret Engine.
- secret
Engine NumberVersion Version of Secret Engine.
- secret
Id String ID of the Secret.
- service
Account StringToken Path The Service Account token path in the K8s pod where the token is mounted.
- sink
Path String The location from which the authentication token should be read.
- List<String>
Tags to associate with the resource. Tags should be in the form
name:value.- use
Aws BooleanIam Boolean value to indicate if AWS IAM is used for authentication.
- use
K8s BooleanAuth Boolean value to indicate if K8s Auth is used for authentication.
- use
Vault BooleanAgent Boolean value to indicate if Vault Agent is used for authentication.
- vault
Aws StringIam Role The Vault role defined to bind to aws iam account/role being accessed.
- vault
K8s StringAuth Role The role where K8s Auth will happen.
- xvault
Aws StringIam Server Id The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
Outputs
All input properties are implicitly available as output properties. Additionally, the VaultConnector resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Id string
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
- id string
The provider-assigned unique ID for this managed resource.
- id str
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
Look up Existing VaultConnector Resource
Get an existing VaultConnector resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: VaultConnectorState, opts?: CustomResourceOptions): VaultConnector@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_type: Optional[str] = None,
app_role_id: Optional[str] = None,
auth_token: Optional[str] = None,
aws_region: Optional[str] = None,
base_path: Optional[str] = None,
default: Optional[bool] = None,
delegate_selectors: Optional[Sequence[str]] = None,
description: Optional[str] = None,
identifier: Optional[str] = None,
is_default: Optional[bool] = None,
is_read_only: Optional[bool] = None,
k8s_auth_endpoint: Optional[str] = None,
name: Optional[str] = None,
namespace: Optional[str] = None,
org_id: Optional[str] = None,
project_id: Optional[str] = None,
read_only: Optional[bool] = None,
renew_app_role_token: Optional[bool] = None,
renewal_interval_minutes: Optional[int] = None,
secret_engine_manually_configured: Optional[bool] = None,
secret_engine_name: Optional[str] = None,
secret_engine_version: Optional[int] = None,
secret_id: Optional[str] = None,
service_account_token_path: Optional[str] = None,
sink_path: Optional[str] = None,
tags: Optional[Sequence[str]] = None,
use_aws_iam: Optional[bool] = None,
use_k8s_auth: Optional[bool] = None,
use_vault_agent: Optional[bool] = None,
vault_aws_iam_role: Optional[str] = None,
vault_k8s_auth_role: Optional[str] = None,
vault_url: Optional[str] = None,
xvault_aws_iam_server_id: Optional[str] = None) -> VaultConnectorfunc GetVaultConnector(ctx *Context, name string, id IDInput, state *VaultConnectorState, opts ...ResourceOption) (*VaultConnector, error)public static VaultConnector Get(string name, Input<string> id, VaultConnectorState? state, CustomResourceOptions? opts = null)public static VaultConnector get(String name, Output<String> id, VaultConnectorState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Type string Access type.
- App
Role stringId ID of App Role.
- Auth
Token string Authentication token for Vault.
- Aws
Region string AWS region where the AWS IAM authentication will happen.
- Base
Path string Location of the Vault directory where the secret will be stored.
- Default bool
Is default or not.
- Delegate
Selectors List<string> List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
- Description string
Description of the resource.
- Identifier string
Unique identifier of the resource.
- Is
Default bool Is default or not.
- Is
Read boolOnly Read only or not.
- K8s
Auth stringEndpoint The path where Kubernetes Auth is enabled in Vault.
- Name string
Name of the resource.
- Namespace string
Vault namespace where the Secret will be created.
- Org
Id string Unique identifier of the Organization.
- Project
Id string Unique identifier of the Project.
- Read
Only bool Read only.
- Renew
App boolRole Token Boolean value to indicate if AppRole token renewal is enabled or not.
- Renewal
Interval intMinutes The time interval for the token renewal.
- Secret
Engine boolManually Configured Manually entered Secret Engine.
- Secret
Engine stringName Name of the Secret Engine.
- Secret
Engine intVersion Version of Secret Engine.
- Secret
Id string ID of the Secret.
- Service
Account stringToken Path The Service Account token path in the K8s pod where the token is mounted.
- Sink
Path string The location from which the authentication token should be read.
- List<string>
Tags to associate with the resource. Tags should be in the form
name:value.- Use
Aws boolIam Boolean value to indicate if AWS IAM is used for authentication.
- Use
K8s boolAuth Boolean value to indicate if K8s Auth is used for authentication.
- Use
Vault boolAgent Boolean value to indicate if Vault Agent is used for authentication.
- Vault
Aws stringIam Role The Vault role defined to bind to aws iam account/role being accessed.
- Vault
K8s stringAuth Role The role where K8s Auth will happen.
- Vault
Url string URL of the HashiCorp Vault.
- Xvault
Aws stringIam Server Id The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
- Access
Type string Access type.
- App
Role stringId ID of App Role.
- Auth
Token string Authentication token for Vault.
- Aws
Region string AWS region where the AWS IAM authentication will happen.
- Base
Path string Location of the Vault directory where the secret will be stored.
- Default bool
Is default or not.
- Delegate
Selectors []string List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
- Description string
Description of the resource.
- Identifier string
Unique identifier of the resource.
- Is
Default bool Is default or not.
- Is
Read boolOnly Read only or not.
- K8s
Auth stringEndpoint The path where Kubernetes Auth is enabled in Vault.
- Name string
Name of the resource.
- Namespace string
Vault namespace where the Secret will be created.
- Org
Id string Unique identifier of the Organization.
- Project
Id string Unique identifier of the Project.
- Read
Only bool Read only.
- Renew
App boolRole Token Boolean value to indicate if AppRole token renewal is enabled or not.
- Renewal
Interval intMinutes The time interval for the token renewal.
- Secret
Engine boolManually Configured Manually entered Secret Engine.
- Secret
Engine stringName Name of the Secret Engine.
- Secret
Engine intVersion Version of Secret Engine.
- Secret
Id string ID of the Secret.
- Service
Account stringToken Path The Service Account token path in the K8s pod where the token is mounted.
- Sink
Path string The location from which the authentication token should be read.
- []string
Tags to associate with the resource. Tags should be in the form
name:value.- Use
Aws boolIam Boolean value to indicate if AWS IAM is used for authentication.
- Use
K8s boolAuth Boolean value to indicate if K8s Auth is used for authentication.
- Use
Vault boolAgent Boolean value to indicate if Vault Agent is used for authentication.
- Vault
Aws stringIam Role The Vault role defined to bind to aws iam account/role being accessed.
- Vault
K8s stringAuth Role The role where K8s Auth will happen.
- Vault
Url string URL of the HashiCorp Vault.
- Xvault
Aws stringIam Server Id The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
- access
Type String Access type.
- app
Role StringId ID of App Role.
- auth
Token String Authentication token for Vault.
- aws
Region String AWS region where the AWS IAM authentication will happen.
- base
Path String Location of the Vault directory where the secret will be stored.
- default_ Boolean
Is default or not.
- delegate
Selectors List<String> List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
- description String
Description of the resource.
- identifier String
Unique identifier of the resource.
- is
Default Boolean Is default or not.
- is
Read BooleanOnly Read only or not.
- k8s
Auth StringEndpoint The path where Kubernetes Auth is enabled in Vault.
- name String
Name of the resource.
- namespace String
Vault namespace where the Secret will be created.
- org
Id String Unique identifier of the Organization.
- project
Id String Unique identifier of the Project.
- read
Only Boolean Read only.
- renew
App BooleanRole Token Boolean value to indicate if AppRole token renewal is enabled or not.
- renewal
Interval IntegerMinutes The time interval for the token renewal.
- secret
Engine BooleanManually Configured Manually entered Secret Engine.
- secret
Engine StringName Name of the Secret Engine.
- secret
Engine IntegerVersion Version of Secret Engine.
- secret
Id String ID of the Secret.
- service
Account StringToken Path The Service Account token path in the K8s pod where the token is mounted.
- sink
Path String The location from which the authentication token should be read.
- List<String>
Tags to associate with the resource. Tags should be in the form
name:value.- use
Aws BooleanIam Boolean value to indicate if AWS IAM is used for authentication.
- use
K8s BooleanAuth Boolean value to indicate if K8s Auth is used for authentication.
- use
Vault BooleanAgent Boolean value to indicate if Vault Agent is used for authentication.
- vault
Aws StringIam Role The Vault role defined to bind to aws iam account/role being accessed.
- vault
K8s StringAuth Role The role where K8s Auth will happen.
- vault
Url String URL of the HashiCorp Vault.
- xvault
Aws StringIam Server Id The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
- access
Type string Access type.
- app
Role stringId ID of App Role.
- auth
Token string Authentication token for Vault.
- aws
Region string AWS region where the AWS IAM authentication will happen.
- base
Path string Location of the Vault directory where the secret will be stored.
- default boolean
Is default or not.
- delegate
Selectors string[] List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
- description string
Description of the resource.
- identifier string
Unique identifier of the resource.
- is
Default boolean Is default or not.
- is
Read booleanOnly Read only or not.
- k8s
Auth stringEndpoint The path where Kubernetes Auth is enabled in Vault.
- name string
Name of the resource.
- namespace string
Vault namespace where the Secret will be created.
- org
Id string Unique identifier of the Organization.
- project
Id string Unique identifier of the Project.
- read
Only boolean Read only.
- renew
App booleanRole Token Boolean value to indicate if AppRole token renewal is enabled or not.
- renewal
Interval numberMinutes The time interval for the token renewal.
- secret
Engine booleanManually Configured Manually entered Secret Engine.
- secret
Engine stringName Name of the Secret Engine.
- secret
Engine numberVersion Version of Secret Engine.
- secret
Id string ID of the Secret.
- service
Account stringToken Path The Service Account token path in the K8s pod where the token is mounted.
- sink
Path string The location from which the authentication token should be read.
- string[]
Tags to associate with the resource. Tags should be in the form
name:value.- use
Aws booleanIam Boolean value to indicate if AWS IAM is used for authentication.
- use
K8s booleanAuth Boolean value to indicate if K8s Auth is used for authentication.
- use
Vault booleanAgent Boolean value to indicate if Vault Agent is used for authentication.
- vault
Aws stringIam Role The Vault role defined to bind to aws iam account/role being accessed.
- vault
K8s stringAuth Role The role where K8s Auth will happen.
- vault
Url string URL of the HashiCorp Vault.
- xvault
Aws stringIam Server Id The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
- access_
type str Access type.
- app_
role_ strid ID of App Role.
- auth_
token str Authentication token for Vault.
- aws_
region str AWS region where the AWS IAM authentication will happen.
- base_
path str Location of the Vault directory where the secret will be stored.
- default bool
Is default or not.
- delegate_
selectors Sequence[str] List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
- description str
Description of the resource.
- identifier str
Unique identifier of the resource.
- is_
default bool Is default or not.
- is_
read_ boolonly Read only or not.
- k8s_
auth_ strendpoint The path where Kubernetes Auth is enabled in Vault.
- name str
Name of the resource.
- namespace str
Vault namespace where the Secret will be created.
- org_
id str Unique identifier of the Organization.
- project_
id str Unique identifier of the Project.
- read_
only bool Read only.
- renew_
app_ boolrole_ token Boolean value to indicate if AppRole token renewal is enabled or not.
- renewal_
interval_ intminutes The time interval for the token renewal.
- secret_
engine_ boolmanually_ configured Manually entered Secret Engine.
- secret_
engine_ strname Name of the Secret Engine.
- secret_
engine_ intversion Version of Secret Engine.
- secret_
id str ID of the Secret.
- service_
account_ strtoken_ path The Service Account token path in the K8s pod where the token is mounted.
- sink_
path str The location from which the authentication token should be read.
- Sequence[str]
Tags to associate with the resource. Tags should be in the form
name:value.- use_
aws_ booliam Boolean value to indicate if AWS IAM is used for authentication.
- use_
k8s_ boolauth Boolean value to indicate if K8s Auth is used for authentication.
- use_
vault_ boolagent Boolean value to indicate if Vault Agent is used for authentication.
- vault_
aws_ striam_ role The Vault role defined to bind to aws iam account/role being accessed.
- vault_
k8s_ strauth_ role The role where K8s Auth will happen.
- vault_
url str URL of the HashiCorp Vault.
- xvault_
aws_ striam_ server_ id The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
- access
Type String Access type.
- app
Role StringId ID of App Role.
- auth
Token String Authentication token for Vault.
- aws
Region String AWS region where the AWS IAM authentication will happen.
- base
Path String Location of the Vault directory where the secret will be stored.
- default Boolean
Is default or not.
- delegate
Selectors List<String> List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
- description String
Description of the resource.
- identifier String
Unique identifier of the resource.
- is
Default Boolean Is default or not.
- is
Read BooleanOnly Read only or not.
- k8s
Auth StringEndpoint The path where Kubernetes Auth is enabled in Vault.
- name String
Name of the resource.
- namespace String
Vault namespace where the Secret will be created.
- org
Id String Unique identifier of the Organization.
- project
Id String Unique identifier of the Project.
- read
Only Boolean Read only.
- renew
App BooleanRole Token Boolean value to indicate if AppRole token renewal is enabled or not.
- renewal
Interval NumberMinutes The time interval for the token renewal.
- secret
Engine BooleanManually Configured Manually entered Secret Engine.
- secret
Engine StringName Name of the Secret Engine.
- secret
Engine NumberVersion Version of Secret Engine.
- secret
Id String ID of the Secret.
- service
Account StringToken Path The Service Account token path in the K8s pod where the token is mounted.
- sink
Path String The location from which the authentication token should be read.
- List<String>
Tags to associate with the resource. Tags should be in the form
name:value.- use
Aws BooleanIam Boolean value to indicate if AWS IAM is used for authentication.
- use
K8s BooleanAuth Boolean value to indicate if K8s Auth is used for authentication.
- use
Vault BooleanAgent Boolean value to indicate if Vault Agent is used for authentication.
- vault
Aws StringIam Role The Vault role defined to bind to aws iam account/role being accessed.
- vault
K8s StringAuth Role The role where K8s Auth will happen.
- vault
Url String URL of the HashiCorp Vault.
- xvault
Aws StringIam Server Id The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
Import
Import using vault connector id
$ pulumi import harness:platform/vaultConnector:VaultConnector example <connector_id>
Package Details
- Repository
- harness lbrlabs/pulumi-harness
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
harnessTerraform Provider.