harness logo
Harness v0.0.5, Oct 31 22

harness.SshCredential

Resource for creating an encrypted text secret

Example Usage

using System.Collections.Generic;
using Pulumi;
using Harness = Lbrlabs.PulumiPackage.Harness;
using Harness = Pulumi.Harness;
using Tls = Pulumi.Tls;

return await Deployment.RunAsync(() => 
{
    var harnessDeployKey = new Tls.PrivateKey("harnessDeployKey", new()
    {
        Algorithm = "RSA",
        RsaBits = 4096,
    });

    var secretManager = Harness.GetSecretManager.Invoke(new()
    {
        Default = true,
    });

    var mySecret = new Harness.EncryptedText("mySecret", new()
    {
        Value = harnessDeployKey.PrivateKeyPem,
        SecretManagerId = secretManager.Apply(getSecretManagerResult => getSecretManagerResult.Id),
    });

    var sshCreds = new Harness.SshCredential("sshCreds", new()
    {
        SshAuthentication = new Harness.Inputs.SshCredentialSshAuthenticationArgs
        {
            Port = 22,
            Username = "git",
            InlineSsh = new Harness.Inputs.SshCredentialSshAuthenticationInlineSshArgs
            {
                SshKeyFileId = mySecret.Id,
            },
        },
    });

});
package main

import (
	"github.com/lbrlabs/pulumi-harness/sdk/go/harness"
	"github.com/pulumi/pulumi-tls/sdk/v4/go/tls"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		harnessDeployKey, err := tls.NewPrivateKey(ctx, "harnessDeployKey", &tls.PrivateKeyArgs{
			Algorithm: pulumi.String("RSA"),
			RsaBits:   pulumi.Int(4096),
		})
		if err != nil {
			return err
		}
		secretManager, err := harness.GetSecretManager(ctx, &GetSecretManagerArgs{
			Default: pulumi.BoolRef(true),
		}, nil)
		if err != nil {
			return err
		}
		mySecret, err := harness.NewEncryptedText(ctx, "mySecret", &harness.EncryptedTextArgs{
			Value:           harnessDeployKey.PrivateKeyPem,
			SecretManagerId: pulumi.String(secretManager.Id),
		})
		if err != nil {
			return err
		}
		_, err = harness.NewSshCredential(ctx, "sshCreds", &harness.SshCredentialArgs{
			SshAuthentication: &SshCredentialSshAuthenticationArgs{
				Port:     pulumi.Int(22),
				Username: pulumi.String("git"),
				InlineSsh: &SshCredentialSshAuthenticationInlineSshArgs{
					SshKeyFileId: mySecret.ID(),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tls.PrivateKey;
import com.pulumi.tls.PrivateKeyArgs;
import com.pulumi.harness.HarnessFunctions;
import com.pulumi.harness.inputs.GetSecretManagerArgs;
import com.pulumi.harness.EncryptedText;
import com.pulumi.harness.EncryptedTextArgs;
import com.pulumi.harness.SshCredential;
import com.pulumi.harness.SshCredentialArgs;
import com.pulumi.harness.inputs.SshCredentialSshAuthenticationArgs;
import com.pulumi.harness.inputs.SshCredentialSshAuthenticationInlineSshArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var harnessDeployKey = new PrivateKey("harnessDeployKey", PrivateKeyArgs.builder()        
            .algorithm("RSA")
            .rsaBits(4096)
            .build());

        final var secretManager = HarnessFunctions.getSecretManager(GetSecretManagerArgs.builder()
            .default_(true)
            .build());

        var mySecret = new EncryptedText("mySecret", EncryptedTextArgs.builder()        
            .value(harnessDeployKey.privateKeyPem())
            .secretManagerId(secretManager.applyValue(getSecretManagerResult -> getSecretManagerResult.id()))
            .build());

        var sshCreds = new SshCredential("sshCreds", SshCredentialArgs.builder()        
            .sshAuthentication(SshCredentialSshAuthenticationArgs.builder()
                .port(22)
                .username("git")
                .inlineSsh(SshCredentialSshAuthenticationInlineSshArgs.builder()
                    .sshKeyFileId(mySecret.id())
                    .build())
                .build())
            .build());

    }
}
import pulumi
import lbrlabs_pulumi_harness as harness
import pulumi_harness as harness
import pulumi_tls as tls

harness_deploy_key = tls.PrivateKey("harnessDeployKey",
    algorithm="RSA",
    rsa_bits=4096)
secret_manager = harness.get_secret_manager(default=True)
my_secret = harness.EncryptedText("mySecret",
    value=harness_deploy_key.private_key_pem,
    secret_manager_id=secret_manager.id)
ssh_creds = harness.SshCredential("sshCreds", ssh_authentication=harness.SshCredentialSshAuthenticationArgs(
    port=22,
    username="git",
    inline_ssh=harness.SshCredentialSshAuthenticationInlineSshArgs(
        ssh_key_file_id=my_secret.id,
    ),
))
import * as pulumi from "@pulumi/pulumi";
import * as harness from "@lbrlabs/pulumi-harness";
import * as harness from "@pulumi/harness";
import * as tls from "@pulumi/tls";

const harnessDeployKey = new tls.PrivateKey("harnessDeployKey", {
    algorithm: "RSA",
    rsaBits: 4096,
});
const secretManager = harness.getSecretManager({
    "default": true,
});
const mySecret = new harness.EncryptedText("mySecret", {
    value: harnessDeployKey.privateKeyPem,
    secretManagerId: secretManager.then(secretManager => secretManager.id),
});
const sshCreds = new harness.SshCredential("sshCreds", {sshAuthentication: {
    port: 22,
    username: "git",
    inlineSsh: {
        sshKeyFileId: mySecret.id,
    },
}});
resources:
  harnessDeployKey:
    type: tls:PrivateKey
    properties:
      algorithm: RSA
      rsaBits: 4096
  mySecret:
    type: harness:EncryptedText
    properties:
      value: ${harnessDeployKey.privateKeyPem}
      secretManagerId: ${secretManager.id}
  sshCreds:
    type: harness:SshCredential
    properties:
      sshAuthentication:
        port: 22
        username: git
        inlineSsh:
          sshKeyFileId: ${mySecret.id}
variables:
  secretManager:
    fn::invoke:
      Function: harness:getSecretManager
      Arguments:
        default: true

Create SshCredential Resource

new SshCredential(name: string, args?: SshCredentialArgs, opts?: CustomResourceOptions);
@overload
def SshCredential(resource_name: str,
                  opts: Optional[ResourceOptions] = None,
                  kerberos_authentication: Optional[SshCredentialKerberosAuthenticationArgs] = None,
                  name: Optional[str] = None,
                  ssh_authentication: Optional[SshCredentialSshAuthenticationArgs] = None,
                  usage_scopes: Optional[Sequence[SshCredentialUsageScopeArgs]] = None)
@overload
def SshCredential(resource_name: str,
                  args: Optional[SshCredentialArgs] = None,
                  opts: Optional[ResourceOptions] = None)
func NewSshCredential(ctx *Context, name string, args *SshCredentialArgs, opts ...ResourceOption) (*SshCredential, error)
public SshCredential(string name, SshCredentialArgs? args = null, CustomResourceOptions? opts = null)
public SshCredential(String name, SshCredentialArgs args)
public SshCredential(String name, SshCredentialArgs args, CustomResourceOptions options)
type: harness:SshCredential
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args SshCredentialArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args SshCredentialArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args SshCredentialArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args SshCredentialArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args SshCredentialArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

SshCredential Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The SshCredential resource accepts the following input properties:

KerberosAuthentication Lbrlabs.PulumiPackage.Harness.Inputs.SshCredentialKerberosAuthenticationArgs

Kerberos authentication for SSH. Cannot be used if ssh*authentication is specified

Name string

Name of the encrypted text secret

SshAuthentication Lbrlabs.PulumiPackage.Harness.Inputs.SshCredentialSshAuthenticationArgs

Authentication method for SSH. Cannot be used if kerberos*authentication is specified. Only one of inline_ssh, server_password, or ssh_key_file should be set

UsageScopes List<Lbrlabs.PulumiPackage.Harness.Inputs.SshCredentialUsageScopeArgs>

This block is used for scoping the resource to a specific set of applications or environments.

KerberosAuthentication SshCredentialKerberosAuthenticationArgs

Kerberos authentication for SSH. Cannot be used if ssh*authentication is specified

Name string

Name of the encrypted text secret

SshAuthentication SshCredentialSshAuthenticationArgs

Authentication method for SSH. Cannot be used if kerberos*authentication is specified. Only one of inline_ssh, server_password, or ssh_key_file should be set

UsageScopes []SshCredentialUsageScopeArgs

This block is used for scoping the resource to a specific set of applications or environments.

kerberosAuthentication SshCredentialKerberosAuthenticationArgs

Kerberos authentication for SSH. Cannot be used if ssh*authentication is specified

name String

Name of the encrypted text secret

sshAuthentication SshCredentialSshAuthenticationArgs

Authentication method for SSH. Cannot be used if kerberos*authentication is specified. Only one of inline_ssh, server_password, or ssh_key_file should be set

usageScopes List<SshCredentialUsageScopeArgs>

This block is used for scoping the resource to a specific set of applications or environments.

kerberosAuthentication SshCredentialKerberosAuthenticationArgs

Kerberos authentication for SSH. Cannot be used if ssh*authentication is specified

name string

Name of the encrypted text secret

sshAuthentication SshCredentialSshAuthenticationArgs

Authentication method for SSH. Cannot be used if kerberos*authentication is specified. Only one of inline_ssh, server_password, or ssh_key_file should be set

usageScopes SshCredentialUsageScopeArgs[]

This block is used for scoping the resource to a specific set of applications or environments.

kerberos_authentication SshCredentialKerberosAuthenticationArgs

Kerberos authentication for SSH. Cannot be used if ssh*authentication is specified

name str

Name of the encrypted text secret

ssh_authentication SshCredentialSshAuthenticationArgs

Authentication method for SSH. Cannot be used if kerberos*authentication is specified. Only one of inline_ssh, server_password, or ssh_key_file should be set

usage_scopes Sequence[SshCredentialUsageScopeArgs]

This block is used for scoping the resource to a specific set of applications or environments.

kerberosAuthentication Property Map

Kerberos authentication for SSH. Cannot be used if ssh*authentication is specified

name String

Name of the encrypted text secret

sshAuthentication Property Map

Authentication method for SSH. Cannot be used if kerberos*authentication is specified. Only one of inline_ssh, server_password, or ssh_key_file should be set

usageScopes List<Property Map>

This block is used for scoping the resource to a specific set of applications or environments.

Outputs

All input properties are implicitly available as output properties. Additionally, the SshCredential resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Id string

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

id string

The provider-assigned unique ID for this managed resource.

id str

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

Look up Existing SshCredential Resource

Get an existing SshCredential resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SshCredentialState, opts?: CustomResourceOptions): SshCredential
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        kerberos_authentication: Optional[SshCredentialKerberosAuthenticationArgs] = None,
        name: Optional[str] = None,
        ssh_authentication: Optional[SshCredentialSshAuthenticationArgs] = None,
        usage_scopes: Optional[Sequence[SshCredentialUsageScopeArgs]] = None) -> SshCredential
func GetSshCredential(ctx *Context, name string, id IDInput, state *SshCredentialState, opts ...ResourceOption) (*SshCredential, error)
public static SshCredential Get(string name, Input<string> id, SshCredentialState? state, CustomResourceOptions? opts = null)
public static SshCredential get(String name, Output<String> id, SshCredentialState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
KerberosAuthentication Lbrlabs.PulumiPackage.Harness.Inputs.SshCredentialKerberosAuthenticationArgs

Kerberos authentication for SSH. Cannot be used if ssh*authentication is specified

Name string

Name of the encrypted text secret

SshAuthentication Lbrlabs.PulumiPackage.Harness.Inputs.SshCredentialSshAuthenticationArgs

Authentication method for SSH. Cannot be used if kerberos*authentication is specified. Only one of inline_ssh, server_password, or ssh_key_file should be set

UsageScopes List<Lbrlabs.PulumiPackage.Harness.Inputs.SshCredentialUsageScopeArgs>

This block is used for scoping the resource to a specific set of applications or environments.

KerberosAuthentication SshCredentialKerberosAuthenticationArgs

Kerberos authentication for SSH. Cannot be used if ssh*authentication is specified

Name string

Name of the encrypted text secret

SshAuthentication SshCredentialSshAuthenticationArgs

Authentication method for SSH. Cannot be used if kerberos*authentication is specified. Only one of inline_ssh, server_password, or ssh_key_file should be set

UsageScopes []SshCredentialUsageScopeArgs

This block is used for scoping the resource to a specific set of applications or environments.

kerberosAuthentication SshCredentialKerberosAuthenticationArgs

Kerberos authentication for SSH. Cannot be used if ssh*authentication is specified

name String

Name of the encrypted text secret

sshAuthentication SshCredentialSshAuthenticationArgs

Authentication method for SSH. Cannot be used if kerberos*authentication is specified. Only one of inline_ssh, server_password, or ssh_key_file should be set

usageScopes List<SshCredentialUsageScopeArgs>

This block is used for scoping the resource to a specific set of applications or environments.

kerberosAuthentication SshCredentialKerberosAuthenticationArgs

Kerberos authentication for SSH. Cannot be used if ssh*authentication is specified

name string

Name of the encrypted text secret

sshAuthentication SshCredentialSshAuthenticationArgs

Authentication method for SSH. Cannot be used if kerberos*authentication is specified. Only one of inline_ssh, server_password, or ssh_key_file should be set

usageScopes SshCredentialUsageScopeArgs[]

This block is used for scoping the resource to a specific set of applications or environments.

kerberos_authentication SshCredentialKerberosAuthenticationArgs

Kerberos authentication for SSH. Cannot be used if ssh*authentication is specified

name str

Name of the encrypted text secret

ssh_authentication SshCredentialSshAuthenticationArgs

Authentication method for SSH. Cannot be used if kerberos*authentication is specified. Only one of inline_ssh, server_password, or ssh_key_file should be set

usage_scopes Sequence[SshCredentialUsageScopeArgs]

This block is used for scoping the resource to a specific set of applications or environments.

kerberosAuthentication Property Map

Kerberos authentication for SSH. Cannot be used if ssh*authentication is specified

name String

Name of the encrypted text secret

sshAuthentication Property Map

Authentication method for SSH. Cannot be used if kerberos*authentication is specified. Only one of inline_ssh, server_password, or ssh_key_file should be set

usageScopes List<Property Map>

This block is used for scoping the resource to a specific set of applications or environments.

Supporting Types

SshCredentialKerberosAuthentication

Port int

Port to use for Kerberos authentication

Principal string

Name of the principal for authentication

Realm string

Realm associated with the Kerberos authentication

TgtGenerationMethod Lbrlabs.PulumiPackage.Harness.Inputs.SshCredentialKerberosAuthenticationTgtGenerationMethod

TGT generation method

Port int

Port to use for Kerberos authentication

Principal string

Name of the principal for authentication

Realm string

Realm associated with the Kerberos authentication

TgtGenerationMethod SshCredentialKerberosAuthenticationTgtGenerationMethod

TGT generation method

port Integer

Port to use for Kerberos authentication

principal String

Name of the principal for authentication

realm String

Realm associated with the Kerberos authentication

tgtGenerationMethod SshCredentialKerberosAuthenticationTgtGenerationMethod

TGT generation method

port number

Port to use for Kerberos authentication

principal string

Name of the principal for authentication

realm string

Realm associated with the Kerberos authentication

tgtGenerationMethod SshCredentialKerberosAuthenticationTgtGenerationMethod

TGT generation method

port int

Port to use for Kerberos authentication

principal str

Name of the principal for authentication

realm str

Realm associated with the Kerberos authentication

tgt_generation_method SshCredentialKerberosAuthenticationTgtGenerationMethod

TGT generation method

port Number

Port to use for Kerberos authentication

principal String

Name of the principal for authentication

realm String

Realm associated with the Kerberos authentication

tgtGenerationMethod Property Map

TGT generation method

SshCredentialKerberosAuthenticationTgtGenerationMethod

SshCredentialSshAuthentication

Port int

The port to connect to

Username string

The username to use when connecting to ssh

InlineSsh Lbrlabs.PulumiPackage.Harness.Inputs.SshCredentialSshAuthenticationInlineSsh

Inline SSH authentication configuration. Only ond of passphrase_secret_id or ssh_key_file_id should be used

ServerPassword Lbrlabs.PulumiPackage.Harness.Inputs.SshCredentialSshAuthenticationServerPassword

Server password authentication configuration

SshKeyFile Lbrlabs.PulumiPackage.Harness.Inputs.SshCredentialSshAuthenticationSshKeyFile

Use ssh key file for authentication

Port int

The port to connect to

Username string

The username to use when connecting to ssh

InlineSsh SshCredentialSshAuthenticationInlineSsh

Inline SSH authentication configuration. Only ond of passphrase_secret_id or ssh_key_file_id should be used

ServerPassword SshCredentialSshAuthenticationServerPassword

Server password authentication configuration

SshKeyFile SshCredentialSshAuthenticationSshKeyFile

Use ssh key file for authentication

port Integer

The port to connect to

username String

The username to use when connecting to ssh

inlineSsh SshCredentialSshAuthenticationInlineSsh

Inline SSH authentication configuration. Only ond of passphrase_secret_id or ssh_key_file_id should be used

serverPassword SshCredentialSshAuthenticationServerPassword

Server password authentication configuration

sshKeyFile SshCredentialSshAuthenticationSshKeyFile

Use ssh key file for authentication

port number

The port to connect to

username string

The username to use when connecting to ssh

inlineSsh SshCredentialSshAuthenticationInlineSsh

Inline SSH authentication configuration. Only ond of passphrase_secret_id or ssh_key_file_id should be used

serverPassword SshCredentialSshAuthenticationServerPassword

Server password authentication configuration

sshKeyFile SshCredentialSshAuthenticationSshKeyFile

Use ssh key file for authentication

port int

The port to connect to

username str

The username to use when connecting to ssh

inline_ssh SshCredentialSshAuthenticationInlineSsh

Inline SSH authentication configuration. Only ond of passphrase_secret_id or ssh_key_file_id should be used

server_password SshCredentialSshAuthenticationServerPassword

Server password authentication configuration

ssh_key_file SshCredentialSshAuthenticationSshKeyFile

Use ssh key file for authentication

port Number

The port to connect to

username String

The username to use when connecting to ssh

inlineSsh Property Map

Inline SSH authentication configuration. Only ond of passphrase_secret_id or ssh_key_file_id should be used

serverPassword Property Map

Server password authentication configuration

sshKeyFile Property Map

Use ssh key file for authentication

SshCredentialSshAuthenticationInlineSsh

SshCredentialSshAuthenticationServerPassword

SshCredentialSshAuthenticationSshKeyFile

SshCredentialUsageScope

ApplicationId string

Id of the application to scope to. If empty then this scope applies to all applications.

EnvironmentFilterType string

Type of environment filter applied. Cannot be used with environment_id. Valid options are NONPRODUCTIONENVIRONMENTS, PRODUCTION_ENVIRONMENTS.

EnvironmentId string

Id of the id of the specific environment to scope to. Cannot be used with environment_filter_type.

ApplicationId string

Id of the application to scope to. If empty then this scope applies to all applications.

EnvironmentFilterType string

Type of environment filter applied. Cannot be used with environment_id. Valid options are NONPRODUCTIONENVIRONMENTS, PRODUCTION_ENVIRONMENTS.

EnvironmentId string

Id of the id of the specific environment to scope to. Cannot be used with environment_filter_type.

applicationId String

Id of the application to scope to. If empty then this scope applies to all applications.

environmentFilterType String

Type of environment filter applied. Cannot be used with environment_id. Valid options are NONPRODUCTIONENVIRONMENTS, PRODUCTION_ENVIRONMENTS.

environmentId String

Id of the id of the specific environment to scope to. Cannot be used with environment_filter_type.

applicationId string

Id of the application to scope to. If empty then this scope applies to all applications.

environmentFilterType string

Type of environment filter applied. Cannot be used with environment_id. Valid options are NONPRODUCTIONENVIRONMENTS, PRODUCTION_ENVIRONMENTS.

environmentId string

Id of the id of the specific environment to scope to. Cannot be used with environment_filter_type.

application_id str

Id of the application to scope to. If empty then this scope applies to all applications.

environment_filter_type str

Type of environment filter applied. Cannot be used with environment_id. Valid options are NONPRODUCTIONENVIRONMENTS, PRODUCTION_ENVIRONMENTS.

environment_id str

Id of the id of the specific environment to scope to. Cannot be used with environment_filter_type.

applicationId String

Id of the application to scope to. If empty then this scope applies to all applications.

environmentFilterType String

Type of environment filter applied. Cannot be used with environment_id. Valid options are NONPRODUCTIONENVIRONMENTS, PRODUCTION_ENVIRONMENTS.

environmentId String

Id of the id of the specific environment to scope to. Cannot be used with environment_filter_type.

Import

Import using the Harness ssh credential id

 $ pulumi import harness:index/sshCredential:SshCredential example <credential_id>

Package Details

Repository
harness lbrlabs/pulumi-harness
License
Apache-2.0
Notes

This Pulumi package is based on the harness Terraform Provider.