1. Packages
  2. HashiCorp Vault
  3. API Docs
  4. azure
  5. getAccessCredentials
HashiCorp Vault v6.2.0 published on Friday, Jun 21, 2024 by Pulumi

vault.azure.getAccessCredentials

Explore with Pulumi AI

vault logo
HashiCorp Vault v6.2.0 published on Friday, Jun 21, 2024 by Pulumi

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as vault from "@pulumi/vault";
    
    const creds = vault.azure.getAccessCredentials({
        role: "my-role",
        validateCreds: true,
        numSequentialSuccesses: 8,
        numSecondsBetweenTests: 1,
        maxCredValidationSeconds: 300,
    });
    
    import pulumi
    import pulumi_vault as vault
    
    creds = vault.azure.get_access_credentials(role="my-role",
        validate_creds=True,
        num_sequential_successes=8,
        num_seconds_between_tests=1,
        max_cred_validation_seconds=300)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/azure"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := azure.GetAccessCredentials(ctx, &azure.GetAccessCredentialsArgs{
    			Role:                     "my-role",
    			ValidateCreds:            pulumi.BoolRef(true),
    			NumSequentialSuccesses:   pulumi.IntRef(8),
    			NumSecondsBetweenTests:   pulumi.IntRef(1),
    			MaxCredValidationSeconds: pulumi.IntRef(300),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Vault = Pulumi.Vault;
    
    return await Deployment.RunAsync(() => 
    {
        var creds = Vault.Azure.GetAccessCredentials.Invoke(new()
        {
            Role = "my-role",
            ValidateCreds = true,
            NumSequentialSuccesses = 8,
            NumSecondsBetweenTests = 1,
            MaxCredValidationSeconds = 300,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.vault.azure.AzureFunctions;
    import com.pulumi.vault.azure.inputs.GetAccessCredentialsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var creds = AzureFunctions.getAccessCredentials(GetAccessCredentialsArgs.builder()
                .role("my-role")
                .validateCreds(true)
                .numSequentialSuccesses(8)
                .numSecondsBetweenTests(1)
                .maxCredValidationSeconds(300)
                .build());
    
        }
    }
    
    variables:
      creds:
        fn::invoke:
          Function: vault:azure:getAccessCredentials
          Arguments:
            role: my-role
            validateCreds: true
            numSequentialSuccesses: 8
            numSecondsBetweenTests: 1
            maxCredValidationSeconds: 300
    

    Caveats

    The validate_creds option requires read-access to the backend config endpoint. If the effective Vault role does not have the required permissions then valid values are required to be set for: subscription_id, tenant_id, environment.

    Using getAccessCredentials

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getAccessCredentials(args: GetAccessCredentialsArgs, opts?: InvokeOptions): Promise<GetAccessCredentialsResult>
    function getAccessCredentialsOutput(args: GetAccessCredentialsOutputArgs, opts?: InvokeOptions): Output<GetAccessCredentialsResult>
    def get_access_credentials(backend: Optional[str] = None,
                               environment: Optional[str] = None,
                               max_cred_validation_seconds: Optional[int] = None,
                               namespace: Optional[str] = None,
                               num_seconds_between_tests: Optional[int] = None,
                               num_sequential_successes: Optional[int] = None,
                               role: Optional[str] = None,
                               subscription_id: Optional[str] = None,
                               tenant_id: Optional[str] = None,
                               validate_creds: Optional[bool] = None,
                               opts: Optional[InvokeOptions] = None) -> GetAccessCredentialsResult
    def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
                               environment: Optional[pulumi.Input[str]] = None,
                               max_cred_validation_seconds: Optional[pulumi.Input[int]] = None,
                               namespace: Optional[pulumi.Input[str]] = None,
                               num_seconds_between_tests: Optional[pulumi.Input[int]] = None,
                               num_sequential_successes: Optional[pulumi.Input[int]] = None,
                               role: Optional[pulumi.Input[str]] = None,
                               subscription_id: Optional[pulumi.Input[str]] = None,
                               tenant_id: Optional[pulumi.Input[str]] = None,
                               validate_creds: Optional[pulumi.Input[bool]] = None,
                               opts: Optional[InvokeOptions] = None) -> Output[GetAccessCredentialsResult]
    func GetAccessCredentials(ctx *Context, args *GetAccessCredentialsArgs, opts ...InvokeOption) (*GetAccessCredentialsResult, error)
    func GetAccessCredentialsOutput(ctx *Context, args *GetAccessCredentialsOutputArgs, opts ...InvokeOption) GetAccessCredentialsResultOutput

    > Note: This function is named GetAccessCredentials in the Go SDK.

    public static class GetAccessCredentials 
    {
        public static Task<GetAccessCredentialsResult> InvokeAsync(GetAccessCredentialsArgs args, InvokeOptions? opts = null)
        public static Output<GetAccessCredentialsResult> Invoke(GetAccessCredentialsInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetAccessCredentialsResult> getAccessCredentials(GetAccessCredentialsArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: vault:azure/getAccessCredentials:getAccessCredentials
      arguments:
        # arguments dictionary

    The following arguments are supported:

    Backend string
    The path to the Azure secret backend to read credentials from, with no leading or trailing /s.
    Role string
    The name of the Azure secret backend role to read credentials from, with no leading or trailing /s.
    Environment string
    The Azure environment to use during credential validation. Defaults to the environment configured in the Vault backend. Some possible values: AzurePublicCloud, AzureGovernmentCloud See the caveats section for more information on this field.
    MaxCredValidationSeconds int
    If 'validate_creds' is true, the number of seconds after which to give up validating credentials. Defaults to 300.
    Namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    NumSecondsBetweenTests int
    If 'validate_creds' is true, the number of seconds to wait between each test of generated credentials. Defaults to 1.
    NumSequentialSuccesses int
    If 'validate_creds' is true, the number of sequential successes required to validate generated credentials. Defaults to 8.
    SubscriptionId string
    The subscription ID to use during credential validation. Defaults to the subscription ID configured in the Vault backend. See the caveats section for more information on this field.
    TenantId string
    The tenant ID to use during credential validation. Defaults to the tenant ID configured in the Vault backend. See the caveats section for more information on this field.
    ValidateCreds bool
    Whether generated credentials should be validated before being returned. Defaults to false, which returns credentials without checking whether they have fully propagated throughout Azure Active Directory. Designating true activates testing.
    Backend string
    The path to the Azure secret backend to read credentials from, with no leading or trailing /s.
    Role string
    The name of the Azure secret backend role to read credentials from, with no leading or trailing /s.
    Environment string
    The Azure environment to use during credential validation. Defaults to the environment configured in the Vault backend. Some possible values: AzurePublicCloud, AzureGovernmentCloud See the caveats section for more information on this field.
    MaxCredValidationSeconds int
    If 'validate_creds' is true, the number of seconds after which to give up validating credentials. Defaults to 300.
    Namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    NumSecondsBetweenTests int
    If 'validate_creds' is true, the number of seconds to wait between each test of generated credentials. Defaults to 1.
    NumSequentialSuccesses int
    If 'validate_creds' is true, the number of sequential successes required to validate generated credentials. Defaults to 8.
    SubscriptionId string
    The subscription ID to use during credential validation. Defaults to the subscription ID configured in the Vault backend. See the caveats section for more information on this field.
    TenantId string
    The tenant ID to use during credential validation. Defaults to the tenant ID configured in the Vault backend. See the caveats section for more information on this field.
    ValidateCreds bool
    Whether generated credentials should be validated before being returned. Defaults to false, which returns credentials without checking whether they have fully propagated throughout Azure Active Directory. Designating true activates testing.
    backend String
    The path to the Azure secret backend to read credentials from, with no leading or trailing /s.
    role String
    The name of the Azure secret backend role to read credentials from, with no leading or trailing /s.
    environment String
    The Azure environment to use during credential validation. Defaults to the environment configured in the Vault backend. Some possible values: AzurePublicCloud, AzureGovernmentCloud See the caveats section for more information on this field.
    maxCredValidationSeconds Integer
    If 'validate_creds' is true, the number of seconds after which to give up validating credentials. Defaults to 300.
    namespace String
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    numSecondsBetweenTests Integer
    If 'validate_creds' is true, the number of seconds to wait between each test of generated credentials. Defaults to 1.
    numSequentialSuccesses Integer
    If 'validate_creds' is true, the number of sequential successes required to validate generated credentials. Defaults to 8.
    subscriptionId String
    The subscription ID to use during credential validation. Defaults to the subscription ID configured in the Vault backend. See the caveats section for more information on this field.
    tenantId String
    The tenant ID to use during credential validation. Defaults to the tenant ID configured in the Vault backend. See the caveats section for more information on this field.
    validateCreds Boolean
    Whether generated credentials should be validated before being returned. Defaults to false, which returns credentials without checking whether they have fully propagated throughout Azure Active Directory. Designating true activates testing.
    backend string
    The path to the Azure secret backend to read credentials from, with no leading or trailing /s.
    role string
    The name of the Azure secret backend role to read credentials from, with no leading or trailing /s.
    environment string
    The Azure environment to use during credential validation. Defaults to the environment configured in the Vault backend. Some possible values: AzurePublicCloud, AzureGovernmentCloud See the caveats section for more information on this field.
    maxCredValidationSeconds number
    If 'validate_creds' is true, the number of seconds after which to give up validating credentials. Defaults to 300.
    namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    numSecondsBetweenTests number
    If 'validate_creds' is true, the number of seconds to wait between each test of generated credentials. Defaults to 1.
    numSequentialSuccesses number
    If 'validate_creds' is true, the number of sequential successes required to validate generated credentials. Defaults to 8.
    subscriptionId string
    The subscription ID to use during credential validation. Defaults to the subscription ID configured in the Vault backend. See the caveats section for more information on this field.
    tenantId string
    The tenant ID to use during credential validation. Defaults to the tenant ID configured in the Vault backend. See the caveats section for more information on this field.
    validateCreds boolean
    Whether generated credentials should be validated before being returned. Defaults to false, which returns credentials without checking whether they have fully propagated throughout Azure Active Directory. Designating true activates testing.
    backend str
    The path to the Azure secret backend to read credentials from, with no leading or trailing /s.
    role str
    The name of the Azure secret backend role to read credentials from, with no leading or trailing /s.
    environment str
    The Azure environment to use during credential validation. Defaults to the environment configured in the Vault backend. Some possible values: AzurePublicCloud, AzureGovernmentCloud See the caveats section for more information on this field.
    max_cred_validation_seconds int
    If 'validate_creds' is true, the number of seconds after which to give up validating credentials. Defaults to 300.
    namespace str
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    num_seconds_between_tests int
    If 'validate_creds' is true, the number of seconds to wait between each test of generated credentials. Defaults to 1.
    num_sequential_successes int
    If 'validate_creds' is true, the number of sequential successes required to validate generated credentials. Defaults to 8.
    subscription_id str
    The subscription ID to use during credential validation. Defaults to the subscription ID configured in the Vault backend. See the caveats section for more information on this field.
    tenant_id str
    The tenant ID to use during credential validation. Defaults to the tenant ID configured in the Vault backend. See the caveats section for more information on this field.
    validate_creds bool
    Whether generated credentials should be validated before being returned. Defaults to false, which returns credentials without checking whether they have fully propagated throughout Azure Active Directory. Designating true activates testing.
    backend String
    The path to the Azure secret backend to read credentials from, with no leading or trailing /s.
    role String
    The name of the Azure secret backend role to read credentials from, with no leading or trailing /s.
    environment String
    The Azure environment to use during credential validation. Defaults to the environment configured in the Vault backend. Some possible values: AzurePublicCloud, AzureGovernmentCloud See the caveats section for more information on this field.
    maxCredValidationSeconds Number
    If 'validate_creds' is true, the number of seconds after which to give up validating credentials. Defaults to 300.
    namespace String
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    numSecondsBetweenTests Number
    If 'validate_creds' is true, the number of seconds to wait between each test of generated credentials. Defaults to 1.
    numSequentialSuccesses Number
    If 'validate_creds' is true, the number of sequential successes required to validate generated credentials. Defaults to 8.
    subscriptionId String
    The subscription ID to use during credential validation. Defaults to the subscription ID configured in the Vault backend. See the caveats section for more information on this field.
    tenantId String
    The tenant ID to use during credential validation. Defaults to the tenant ID configured in the Vault backend. See the caveats section for more information on this field.
    validateCreds Boolean
    Whether generated credentials should be validated before being returned. Defaults to false, which returns credentials without checking whether they have fully propagated throughout Azure Active Directory. Designating true activates testing.

    getAccessCredentials Result

    The following output properties are available:

    Backend string
    ClientId string
    The client id for credentials to query the Azure APIs.
    ClientSecret string
    The client secret for credentials to query the Azure APIs.
    Id string
    The provider-assigned unique ID for this managed resource.
    LeaseDuration int
    The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
    LeaseId string
    The lease identifier assigned by Vault.
    LeaseRenewable bool
    LeaseStartTime string
    Role string
    Environment string
    MaxCredValidationSeconds int
    Namespace string
    NumSecondsBetweenTests int
    NumSequentialSuccesses int
    SubscriptionId string
    TenantId string
    ValidateCreds bool
    Backend string
    ClientId string
    The client id for credentials to query the Azure APIs.
    ClientSecret string
    The client secret for credentials to query the Azure APIs.
    Id string
    The provider-assigned unique ID for this managed resource.
    LeaseDuration int
    The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
    LeaseId string
    The lease identifier assigned by Vault.
    LeaseRenewable bool
    LeaseStartTime string
    Role string
    Environment string
    MaxCredValidationSeconds int
    Namespace string
    NumSecondsBetweenTests int
    NumSequentialSuccesses int
    SubscriptionId string
    TenantId string
    ValidateCreds bool
    backend String
    clientId String
    The client id for credentials to query the Azure APIs.
    clientSecret String
    The client secret for credentials to query the Azure APIs.
    id String
    The provider-assigned unique ID for this managed resource.
    leaseDuration Integer
    The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
    leaseId String
    The lease identifier assigned by Vault.
    leaseRenewable Boolean
    leaseStartTime String
    role String
    environment String
    maxCredValidationSeconds Integer
    namespace String
    numSecondsBetweenTests Integer
    numSequentialSuccesses Integer
    subscriptionId String
    tenantId String
    validateCreds Boolean
    backend string
    clientId string
    The client id for credentials to query the Azure APIs.
    clientSecret string
    The client secret for credentials to query the Azure APIs.
    id string
    The provider-assigned unique ID for this managed resource.
    leaseDuration number
    The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
    leaseId string
    The lease identifier assigned by Vault.
    leaseRenewable boolean
    leaseStartTime string
    role string
    environment string
    maxCredValidationSeconds number
    namespace string
    numSecondsBetweenTests number
    numSequentialSuccesses number
    subscriptionId string
    tenantId string
    validateCreds boolean
    backend str
    client_id str
    The client id for credentials to query the Azure APIs.
    client_secret str
    The client secret for credentials to query the Azure APIs.
    id str
    The provider-assigned unique ID for this managed resource.
    lease_duration int
    The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
    lease_id str
    The lease identifier assigned by Vault.
    lease_renewable bool
    lease_start_time str
    role str
    environment str
    max_cred_validation_seconds int
    namespace str
    num_seconds_between_tests int
    num_sequential_successes int
    subscription_id str
    tenant_id str
    validate_creds bool
    backend String
    clientId String
    The client id for credentials to query the Azure APIs.
    clientSecret String
    The client secret for credentials to query the Azure APIs.
    id String
    The provider-assigned unique ID for this managed resource.
    leaseDuration Number
    The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
    leaseId String
    The lease identifier assigned by Vault.
    leaseRenewable Boolean
    leaseStartTime String
    role String
    environment String
    maxCredValidationSeconds Number
    namespace String
    numSecondsBetweenTests Number
    numSequentialSuccesses Number
    subscriptionId String
    tenantId String
    validateCreds Boolean

    Package Details

    Repository
    Vault pulumi/pulumi-vault
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the vault Terraform Provider.
    vault logo
    HashiCorp Vault v6.2.0 published on Friday, Jun 21, 2024 by Pulumi