1. Packages
  2. HashiCorp Vault
  3. API Docs
  4. aws
  5. getAccessCredentials
HashiCorp Vault v5.15.1 published on Tuesday, Sep 26, 2023 by Pulumi

vault.aws.getAccessCredentials

Explore with Pulumi AI

vault logo
HashiCorp Vault v5.15.1 published on Tuesday, Sep 26, 2023 by Pulumi

    Example Usage

    Coming soon!

    Coming soon!

    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.vault.aws.SecretBackend;
    import com.pulumi.vault.aws.SecretBackendArgs;
    import com.pulumi.vault.aws.SecretBackendRole;
    import com.pulumi.vault.aws.SecretBackendRoleArgs;
    import com.pulumi.vault.aws.AwsFunctions;
    import com.pulumi.vault.ad.inputs.GetAccessCredentialsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var aws = new SecretBackend("aws", SecretBackendArgs.builder()        
                .accessKey("AKIA.....")
                .secretKey("SECRETKEYFROMAWS")
                .build());
    
            var role = new SecretBackendRole("role", SecretBackendRoleArgs.builder()        
                .backend(aws.path())
                .policy("""
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "iam:*",
          "Resource": "*"
        }
      ]
    }
                """)
                .build());
    
            final var creds = AwsFunctions.getAccessCredentials(GetAccessCredentialsArgs.builder()
                .backend(aws.path())
                .role(role.name())
                .build());
    
        }
    }
    

    Coming soon!

    Coming soon!

    resources:
      aws:
        type: vault:aws:SecretBackend
        properties:
          accessKey: AKIA.....
          secretKey: SECRETKEYFROMAWS
      role:
        type: vault:aws:SecretBackendRole
        properties:
          backend: ${aws.path}
          policy: |
            {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": "iam:*",
                  "Resource": "*"
                }
              ]
            }        
    variables:
      creds:
        Fn::Invoke:
          Function: vault:aws:getAccessCredentials
          Arguments:
            backend: ${aws.path}
            role: ${role.name}
    

    Using getAccessCredentials

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getAccessCredentials(args: GetAccessCredentialsArgs, opts?: InvokeOptions): Promise<GetAccessCredentialsResult>
    function getAccessCredentialsOutput(args: GetAccessCredentialsOutputArgs, opts?: InvokeOptions): Output<GetAccessCredentialsResult>
    def get_access_credentials(backend: Optional[str] = None,
                               namespace: Optional[str] = None,
                               region: Optional[str] = None,
                               role: Optional[str] = None,
                               role_arn: Optional[str] = None,
                               ttl: Optional[str] = None,
                               type: Optional[str] = None,
                               opts: Optional[InvokeOptions] = None) -> GetAccessCredentialsResult
    def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
                               namespace: Optional[pulumi.Input[str]] = None,
                               region: Optional[pulumi.Input[str]] = None,
                               role: Optional[pulumi.Input[str]] = None,
                               role_arn: Optional[pulumi.Input[str]] = None,
                               ttl: Optional[pulumi.Input[str]] = None,
                               type: Optional[pulumi.Input[str]] = None,
                               opts: Optional[InvokeOptions] = None) -> Output[GetAccessCredentialsResult]
    func GetAccessCredentials(ctx *Context, args *GetAccessCredentialsArgs, opts ...InvokeOption) (*GetAccessCredentialsResult, error)
    func GetAccessCredentialsOutput(ctx *Context, args *GetAccessCredentialsOutputArgs, opts ...InvokeOption) GetAccessCredentialsResultOutput

    > Note: This function is named GetAccessCredentials in the Go SDK.

    public static class GetAccessCredentials 
    {
        public static Task<GetAccessCredentialsResult> InvokeAsync(GetAccessCredentialsArgs args, InvokeOptions? opts = null)
        public static Output<GetAccessCredentialsResult> Invoke(GetAccessCredentialsInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetAccessCredentialsResult> getAccessCredentials(GetAccessCredentialsArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: vault:aws/getAccessCredentials:getAccessCredentials
      arguments:
        # arguments dictionary

    The following arguments are supported:

    Backend string

    The path to the AWS secret backend to read credentials from, with no leading or trailing /s.

    Role string

    The name of the AWS secret backend role to read credentials from, with no leading or trailing /s.

    Namespace string

    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

    Region string

    The region the read credentials belong to.

    RoleArn string

    The specific AWS ARN to use from the configured role. If the role does not have multiple ARNs, this does not need to be specified.

    Ttl string

    Specifies the TTL for the use of the STS token. This is specified as a string with a duration suffix. Valid only when credential_type of the connected vault.aws.SecretBackendRole resource is assumed_role or federation_token

    Type string

    The type of credentials to read. Defaults to "creds", which just returns an AWS Access Key ID and Secret Key. Can also be set to "sts", which will return a security token in addition to the keys.

    Backend string

    The path to the AWS secret backend to read credentials from, with no leading or trailing /s.

    Role string

    The name of the AWS secret backend role to read credentials from, with no leading or trailing /s.

    Namespace string

    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

    Region string

    The region the read credentials belong to.

    RoleArn string

    The specific AWS ARN to use from the configured role. If the role does not have multiple ARNs, this does not need to be specified.

    Ttl string

    Specifies the TTL for the use of the STS token. This is specified as a string with a duration suffix. Valid only when credential_type of the connected vault.aws.SecretBackendRole resource is assumed_role or federation_token

    Type string

    The type of credentials to read. Defaults to "creds", which just returns an AWS Access Key ID and Secret Key. Can also be set to "sts", which will return a security token in addition to the keys.

    backend String

    The path to the AWS secret backend to read credentials from, with no leading or trailing /s.

    role String

    The name of the AWS secret backend role to read credentials from, with no leading or trailing /s.

    namespace String

    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

    region String

    The region the read credentials belong to.

    roleArn String

    The specific AWS ARN to use from the configured role. If the role does not have multiple ARNs, this does not need to be specified.

    ttl String

    Specifies the TTL for the use of the STS token. This is specified as a string with a duration suffix. Valid only when credential_type of the connected vault.aws.SecretBackendRole resource is assumed_role or federation_token

    type String

    The type of credentials to read. Defaults to "creds", which just returns an AWS Access Key ID and Secret Key. Can also be set to "sts", which will return a security token in addition to the keys.

    backend string

    The path to the AWS secret backend to read credentials from, with no leading or trailing /s.

    role string

    The name of the AWS secret backend role to read credentials from, with no leading or trailing /s.

    namespace string

    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

    region string

    The region the read credentials belong to.

    roleArn string

    The specific AWS ARN to use from the configured role. If the role does not have multiple ARNs, this does not need to be specified.

    ttl string

    Specifies the TTL for the use of the STS token. This is specified as a string with a duration suffix. Valid only when credential_type of the connected vault.aws.SecretBackendRole resource is assumed_role or federation_token

    type string

    The type of credentials to read. Defaults to "creds", which just returns an AWS Access Key ID and Secret Key. Can also be set to "sts", which will return a security token in addition to the keys.

    backend str

    The path to the AWS secret backend to read credentials from, with no leading or trailing /s.

    role str

    The name of the AWS secret backend role to read credentials from, with no leading or trailing /s.

    namespace str

    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

    region str

    The region the read credentials belong to.

    role_arn str

    The specific AWS ARN to use from the configured role. If the role does not have multiple ARNs, this does not need to be specified.

    ttl str

    Specifies the TTL for the use of the STS token. This is specified as a string with a duration suffix. Valid only when credential_type of the connected vault.aws.SecretBackendRole resource is assumed_role or federation_token

    type str

    The type of credentials to read. Defaults to "creds", which just returns an AWS Access Key ID and Secret Key. Can also be set to "sts", which will return a security token in addition to the keys.

    backend String

    The path to the AWS secret backend to read credentials from, with no leading or trailing /s.

    role String

    The name of the AWS secret backend role to read credentials from, with no leading or trailing /s.

    namespace String

    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

    region String

    The region the read credentials belong to.

    roleArn String

    The specific AWS ARN to use from the configured role. If the role does not have multiple ARNs, this does not need to be specified.

    ttl String

    Specifies the TTL for the use of the STS token. This is specified as a string with a duration suffix. Valid only when credential_type of the connected vault.aws.SecretBackendRole resource is assumed_role or federation_token

    type String

    The type of credentials to read. Defaults to "creds", which just returns an AWS Access Key ID and Secret Key. Can also be set to "sts", which will return a security token in addition to the keys.

    getAccessCredentials Result

    The following output properties are available:

    AccessKey string

    The AWS Access Key ID returned by Vault.

    Backend string
    Id string

    The provider-assigned unique ID for this managed resource.

    LeaseDuration int

    The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.

    LeaseId string

    The lease identifier assigned by Vault.

    LeaseRenewable bool
    LeaseStartTime string
    Role string
    SecretKey string

    The AWS Secret Key returned by Vault.

    SecurityToken string

    The STS token returned by Vault, if any.

    Namespace string
    Region string
    RoleArn string
    Ttl string
    Type string
    AccessKey string

    The AWS Access Key ID returned by Vault.

    Backend string
    Id string

    The provider-assigned unique ID for this managed resource.

    LeaseDuration int

    The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.

    LeaseId string

    The lease identifier assigned by Vault.

    LeaseRenewable bool
    LeaseStartTime string
    Role string
    SecretKey string

    The AWS Secret Key returned by Vault.

    SecurityToken string

    The STS token returned by Vault, if any.

    Namespace string
    Region string
    RoleArn string
    Ttl string
    Type string
    accessKey String

    The AWS Access Key ID returned by Vault.

    backend String
    id String

    The provider-assigned unique ID for this managed resource.

    leaseDuration Integer

    The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.

    leaseId String

    The lease identifier assigned by Vault.

    leaseRenewable Boolean
    leaseStartTime String
    role String
    secretKey String

    The AWS Secret Key returned by Vault.

    securityToken String

    The STS token returned by Vault, if any.

    namespace String
    region String
    roleArn String
    ttl String
    type String
    accessKey string

    The AWS Access Key ID returned by Vault.

    backend string
    id string

    The provider-assigned unique ID for this managed resource.

    leaseDuration number

    The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.

    leaseId string

    The lease identifier assigned by Vault.

    leaseRenewable boolean
    leaseStartTime string
    role string
    secretKey string

    The AWS Secret Key returned by Vault.

    securityToken string

    The STS token returned by Vault, if any.

    namespace string
    region string
    roleArn string
    ttl string
    type string
    access_key str

    The AWS Access Key ID returned by Vault.

    backend str
    id str

    The provider-assigned unique ID for this managed resource.

    lease_duration int

    The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.

    lease_id str

    The lease identifier assigned by Vault.

    lease_renewable bool
    lease_start_time str
    role str
    secret_key str

    The AWS Secret Key returned by Vault.

    security_token str

    The STS token returned by Vault, if any.

    namespace str
    region str
    role_arn str
    ttl str
    type str
    accessKey String

    The AWS Access Key ID returned by Vault.

    backend String
    id String

    The provider-assigned unique ID for this managed resource.

    leaseDuration Number

    The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.

    leaseId String

    The lease identifier assigned by Vault.

    leaseRenewable Boolean
    leaseStartTime String
    role String
    secretKey String

    The AWS Secret Key returned by Vault.

    securityToken String

    The STS token returned by Vault, if any.

    namespace String
    region String
    roleArn String
    ttl String
    type String

    Package Details

    Repository
    Vault pulumi/pulumi-vault
    License
    Apache-2.0
    Notes

    This Pulumi package is based on the vault Terraform Provider.

    vault logo
    HashiCorp Vault v5.15.1 published on Tuesday, Sep 26, 2023 by Pulumi