This provider is currently in preview.
Viewing docs for Pulumi Cloud v1.1.0
published on Thursday, May 21, 2026 by Pulumi
published on Thursday, May 21, 2026 by Pulumi
This provider is currently in preview.
Viewing docs for Pulumi Cloud v1.1.0
published on Thursday, May 21, 2026 by Pulumi
published on Thursday, May 21, 2026 by Pulumi
Registers a new OIDC issuer for an organization, establishing a trust relationship with an external identity provider. Once registered, the identity provider can issue signed, short-lived tokens that are exchanged for temporary Pulumi Cloud credentials during deployments. This eliminates the need to store long-lived access tokens. Supported providers include AWS, Azure, Google Cloud, GitHub Actions, and any OIDC-compliant identity provider. The request must include the issuer URL, and the service will fetch the provider’s public signing keys to verify token authenticity.
Create OidcIssuer Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new OidcIssuer(name: string, args: OidcIssuerArgs, opts?: CustomResourceOptions);@overload
def OidcIssuer(resource_name: str,
args: OidcIssuerArgs,
opts: Optional[ResourceOptions] = None)
@overload
def OidcIssuer(resource_name: str,
opts: Optional[ResourceOptions] = None,
name: Optional[str] = None,
org_name: Optional[str] = None,
url: Optional[str] = None,
issuer_id: Optional[str] = None,
jwks: Optional[Any] = None,
max_expiration: Optional[int] = None,
thumbprints: Optional[Sequence[str]] = None)func NewOidcIssuer(ctx *Context, name string, args OidcIssuerArgs, opts ...ResourceOption) (*OidcIssuer, error)public OidcIssuer(string name, OidcIssuerArgs args, CustomResourceOptions? opts = null)
public OidcIssuer(String name, OidcIssuerArgs args)
public OidcIssuer(String name, OidcIssuerArgs args, CustomResourceOptions options)
type: pulumiservice:api/auth:OidcIssuer
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
resource "pulumiservice_api_auth_oidcissuer" "name" {
# resource properties
}Parameters
- name string
- The unique name of the resource.
- args OidcIssuerArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args OidcIssuerArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args OidcIssuerArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args OidcIssuerArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args OidcIssuerArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var oidcIssuerResource = new PulumiService.Api.Auth.OidcIssuer("oidcIssuerResource", new()
{
Name = "string",
OrgName = "string",
Url = "string",
IssuerId = "string",
Jwks = "any",
MaxExpiration = 0,
Thumbprints = new[]
{
"string",
},
});
example, err := auth.NewOidcIssuer(ctx, "oidcIssuerResource", &auth.OidcIssuerArgs{
Name: pulumi.String("string"),
OrgName: pulumi.String("string"),
Url: pulumi.String("string"),
IssuerId: pulumi.String("string"),
Jwks: pulumi.Any("any"),
MaxExpiration: pulumi.Int(0),
Thumbprints: pulumi.StringArray{
pulumi.String("string"),
},
})
resource "pulumiservice_api_auth_oidcissuer" "oidcIssuerResource" {
name = "string"
org_name = "string"
url = "string"
issuer_id = "string"
jwks = "any"
max_expiration = 0
thumbprints = ["string"]
}
var oidcIssuerResource = new com.pulumi.pulumiservice.api.OidcIssuer("oidcIssuerResource", com.pulumi.pulumiservice.api.OidcIssuerArgs.builder()
.name("string")
.orgName("string")
.url("string")
.issuerId("string")
.jwks("any")
.maxExpiration(0)
.thumbprints("string")
.build());
oidc_issuer_resource = pulumiservice.api.auth.OidcIssuer("oidcIssuerResource",
name="string",
org_name="string",
url="string",
issuer_id="string",
jwks="any",
max_expiration=0,
thumbprints=["string"])
const oidcIssuerResource = new pulumiservice.api.auth.OidcIssuer("oidcIssuerResource", {
name: "string",
orgName: "string",
url: "string",
issuerId: "string",
jwks: "any",
maxExpiration: 0,
thumbprints: ["string"],
});
type: pulumiservice:api/auth:OidcIssuer
properties:
issuerId: string
jwks: any
maxExpiration: 0
name: string
orgName: string
thumbprints:
- string
url: string
OidcIssuer Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The OidcIssuer resource accepts the following input properties:
- Name string
- The display name of the OIDC issuer.
- Org
Name string - The organization name
- Url string
- The URL of the OIDC issuer.
- Issuer
Id string - The OIDC issuer identifier
- Jwks object
- The JSON Web Key Set for the OIDC issuer.
- Max
Expiration int - The maximum token expiration time in seconds.
- Thumbprints List<string>
- SHA-1 certificate thumbprints used to verify the OIDC issuer's TLS certificate.
- Name string
- The display name of the OIDC issuer.
- Org
Name string - The organization name
- Url string
- The URL of the OIDC issuer.
- Issuer
Id string - The OIDC issuer identifier
- Jwks interface{}
- The JSON Web Key Set for the OIDC issuer.
- Max
Expiration int - The maximum token expiration time in seconds.
- Thumbprints []string
- SHA-1 certificate thumbprints used to verify the OIDC issuer's TLS certificate.
- name string
- The display name of the OIDC issuer.
- org_
name string - The organization name
- url string
- The URL of the OIDC issuer.
- issuer_
id string - The OIDC issuer identifier
- jwks any
- The JSON Web Key Set for the OIDC issuer.
- max_
expiration number - The maximum token expiration time in seconds.
- thumbprints list(string)
- SHA-1 certificate thumbprints used to verify the OIDC issuer's TLS certificate.
- name String
- The display name of the OIDC issuer.
- org
Name String - The organization name
- url String
- The URL of the OIDC issuer.
- issuer
Id String - The OIDC issuer identifier
- jwks Object
- The JSON Web Key Set for the OIDC issuer.
- max
Expiration Integer - The maximum token expiration time in seconds.
- thumbprints List<String>
- SHA-1 certificate thumbprints used to verify the OIDC issuer's TLS certificate.
- name string
- The display name of the OIDC issuer.
- org
Name string - The organization name
- url string
- The URL of the OIDC issuer.
- issuer
Id string - The OIDC issuer identifier
- jwks any
- The JSON Web Key Set for the OIDC issuer.
- max
Expiration number - The maximum token expiration time in seconds.
- thumbprints string[]
- SHA-1 certificate thumbprints used to verify the OIDC issuer's TLS certificate.
- name str
- The display name of the OIDC issuer.
- org_
name str - The organization name
- url str
- The URL of the OIDC issuer.
- issuer_
id str - The OIDC issuer identifier
- jwks Any
- The JSON Web Key Set for the OIDC issuer.
- max_
expiration int - The maximum token expiration time in seconds.
- thumbprints Sequence[str]
- SHA-1 certificate thumbprints used to verify the OIDC issuer's TLS certificate.
- name String
- The display name of the OIDC issuer.
- org
Name String - The organization name
- url String
- The URL of the OIDC issuer.
- issuer
Id String - The OIDC issuer identifier
- jwks Any
- The JSON Web Key Set for the OIDC issuer.
- max
Expiration Number - The maximum token expiration time in seconds.
- thumbprints List<String>
- SHA-1 certificate thumbprints used to verify the OIDC issuer's TLS certificate.
Outputs
All input properties are implicitly available as output properties. Additionally, the OidcIssuer resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Issuer string
- The OIDC issuer identifier, typically a URL that uniquely identifies the identity provider.
- Created string
- The ISO 8601 timestamp when the OIDC issuer was created.
- Last
Used string - The ISO 8601 timestamp when the OIDC issuer was last used for token exchange.
- Modified string
- The ISO 8601 timestamp when the OIDC issuer was last modified.
- Id string
- The provider-assigned unique ID for this managed resource.
- Issuer string
- The OIDC issuer identifier, typically a URL that uniquely identifies the identity provider.
- Created string
- The ISO 8601 timestamp when the OIDC issuer was created.
- Last
Used string - The ISO 8601 timestamp when the OIDC issuer was last used for token exchange.
- Modified string
- The ISO 8601 timestamp when the OIDC issuer was last modified.
- id string
- The provider-assigned unique ID for this managed resource.
- issuer string
- The OIDC issuer identifier, typically a URL that uniquely identifies the identity provider.
- created string
- The ISO 8601 timestamp when the OIDC issuer was created.
- last_
used string - The ISO 8601 timestamp when the OIDC issuer was last used for token exchange.
- modified string
- The ISO 8601 timestamp when the OIDC issuer was last modified.
- id String
- The provider-assigned unique ID for this managed resource.
- issuer String
- The OIDC issuer identifier, typically a URL that uniquely identifies the identity provider.
- created String
- The ISO 8601 timestamp when the OIDC issuer was created.
- last
Used String - The ISO 8601 timestamp when the OIDC issuer was last used for token exchange.
- modified String
- The ISO 8601 timestamp when the OIDC issuer was last modified.
- id string
- The provider-assigned unique ID for this managed resource.
- issuer string
- The OIDC issuer identifier, typically a URL that uniquely identifies the identity provider.
- created string
- The ISO 8601 timestamp when the OIDC issuer was created.
- last
Used string - The ISO 8601 timestamp when the OIDC issuer was last used for token exchange.
- modified string
- The ISO 8601 timestamp when the OIDC issuer was last modified.
- id str
- The provider-assigned unique ID for this managed resource.
- issuer str
- The OIDC issuer identifier, typically a URL that uniquely identifies the identity provider.
- created str
- The ISO 8601 timestamp when the OIDC issuer was created.
- last_
used str - The ISO 8601 timestamp when the OIDC issuer was last used for token exchange.
- modified str
- The ISO 8601 timestamp when the OIDC issuer was last modified.
- id String
- The provider-assigned unique ID for this managed resource.
- issuer String
- The OIDC issuer identifier, typically a URL that uniquely identifies the identity provider.
- created String
- The ISO 8601 timestamp when the OIDC issuer was created.
- last
Used String - The ISO 8601 timestamp when the OIDC issuer was last used for token exchange.
- modified String
- The ISO 8601 timestamp when the OIDC issuer was last modified.
Package Details
- Repository
- pulumiservice pulumi/pulumi-pulumiservice
- License
- Apache-2.0
This provider is currently in preview.
Viewing docs for Pulumi Cloud v1.1.0
published on Thursday, May 21, 2026 by Pulumi
published on Thursday, May 21, 2026 by Pulumi