Docs Home
HashiCorp Vault v6.7.1 published on Friday, May 2, 2025 by Pulumi
vault.azure.getAccessCredentials
Explore with Pulumi AI
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const creds = vault.azure.getAccessCredentials({
role: "my-role",
validateCreds: true,
numSequentialSuccesses: 8,
numSecondsBetweenTests: 1,
maxCredValidationSeconds: 300,
});
import pulumi
import pulumi_vault as vault
creds = vault.azure.get_access_credentials(role="my-role",
validate_creds=True,
num_sequential_successes=8,
num_seconds_between_tests=1,
max_cred_validation_seconds=300)
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/azure"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := azure.GetAccessCredentials(ctx, &azure.GetAccessCredentialsArgs{
Role: "my-role",
ValidateCreds: pulumi.BoolRef(true),
NumSequentialSuccesses: pulumi.IntRef(8),
NumSecondsBetweenTests: pulumi.IntRef(1),
MaxCredValidationSeconds: pulumi.IntRef(300),
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var creds = Vault.Azure.GetAccessCredentials.Invoke(new()
{
Role = "my-role",
ValidateCreds = true,
NumSequentialSuccesses = 8,
NumSecondsBetweenTests = 1,
MaxCredValidationSeconds = 300,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.azure.AzureFunctions;
import com.pulumi.vault.azure.inputs.GetAccessCredentialsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var creds = AzureFunctions.getAccessCredentials(GetAccessCredentialsArgs.builder()
.role("my-role")
.validateCreds(true)
.numSequentialSuccesses(8)
.numSecondsBetweenTests(1)
.maxCredValidationSeconds(300)
.build());
}
}
variables:
creds:
fn::invoke:
function: vault:azure:getAccessCredentials
arguments:
role: my-role
validateCreds: true
numSequentialSuccesses: 8
numSecondsBetweenTests: 1
maxCredValidationSeconds: 300
Caveats
The validate_creds option requires read-access to the backend config endpoint.
If the effective Vault role does not have the required permissions then valid values
are required to be set for: subscription_id, tenant_id, environment.
Using getAccessCredentials
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getAccessCredentials(args: GetAccessCredentialsArgs, opts?: InvokeOptions): Promise<GetAccessCredentialsResult>
function getAccessCredentialsOutput(args: GetAccessCredentialsOutputArgs, opts?: InvokeOptions): Output<GetAccessCredentialsResult>def get_access_credentials(backend: Optional[str] = None,
environment: Optional[str] = None,
max_cred_validation_seconds: Optional[int] = None,
namespace: Optional[str] = None,
num_seconds_between_tests: Optional[int] = None,
num_sequential_successes: Optional[int] = None,
role: Optional[str] = None,
subscription_id: Optional[str] = None,
tenant_id: Optional[str] = None,
validate_creds: Optional[bool] = None,
opts: Optional[InvokeOptions] = None) -> GetAccessCredentialsResult
def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
environment: Optional[pulumi.Input[str]] = None,
max_cred_validation_seconds: Optional[pulumi.Input[int]] = None,
namespace: Optional[pulumi.Input[str]] = None,
num_seconds_between_tests: Optional[pulumi.Input[int]] = None,
num_sequential_successes: Optional[pulumi.Input[int]] = None,
role: Optional[pulumi.Input[str]] = None,
subscription_id: Optional[pulumi.Input[str]] = None,
tenant_id: Optional[pulumi.Input[str]] = None,
validate_creds: Optional[pulumi.Input[bool]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetAccessCredentialsResult]func GetAccessCredentials(ctx *Context, args *GetAccessCredentialsArgs, opts ...InvokeOption) (*GetAccessCredentialsResult, error)
func GetAccessCredentialsOutput(ctx *Context, args *GetAccessCredentialsOutputArgs, opts ...InvokeOption) GetAccessCredentialsResultOutput> Note: This function is named GetAccessCredentials in the Go SDK.
public static class GetAccessCredentials
{
public static Task<GetAccessCredentialsResult> InvokeAsync(GetAccessCredentialsArgs args, InvokeOptions? opts = null)
public static Output<GetAccessCredentialsResult> Invoke(GetAccessCredentialsInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetAccessCredentialsResult> getAccessCredentials(GetAccessCredentialsArgs args, InvokeOptions options)
public static Output<GetAccessCredentialsResult> getAccessCredentials(GetAccessCredentialsArgs args, InvokeOptions options)
fn::invoke:
function: vault:azure/getAccessCredentials:getAccessCredentials
arguments:
# arguments dictionaryThe following arguments are supported:
- Backend string
- The path to the Azure secret backend to
read credentials from, with no leading or trailing
/s. - Role string
- The name of the Azure secret backend role to read
credentials from, with no leading or trailing
/s. - Environment string
- The Azure environment to use during credential validation.
Defaults to the environment configured in the Vault backend.
Some possible values:
AzurePublicCloud,AzureGovernmentCloudSee the caveats section for more information on this field. - Max
Cred intValidation Seconds - If 'validate_creds' is true, the number of seconds after which to give up validating credentials. Defaults to 300.
- Namespace string
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - Num
Seconds intBetween Tests - If 'validate_creds' is true, the number of seconds to wait between each test of generated credentials. Defaults to 1.
- Num
Sequential intSuccesses - If 'validate_creds' is true, the number of sequential successes required to validate generated credentials. Defaults to 8.
- Subscription
Id string - The subscription ID to use during credential
validation. Defaults to the subscription ID configured in the Vault
backend. See the caveats section for more information on this field. - Tenant
Id string - The tenant ID to use during credential validation.
Defaults to the tenant ID configured in the Vault
backend. See the caveats section for more information on this field. - Validate
Creds bool - Whether generated credentials should be
validated before being returned. Defaults to
false, which returns credentials without checking whether they have fully propagated throughout Azure Active Directory. Designatingtrueactivates testing.
- Backend string
- The path to the Azure secret backend to
read credentials from, with no leading or trailing
/s. - Role string
- The name of the Azure secret backend role to read
credentials from, with no leading or trailing
/s. - Environment string
- The Azure environment to use during credential validation.
Defaults to the environment configured in the Vault backend.
Some possible values:
AzurePublicCloud,AzureGovernmentCloudSee the caveats section for more information on this field. - Max
Cred intValidation Seconds - If 'validate_creds' is true, the number of seconds after which to give up validating credentials. Defaults to 300.
- Namespace string
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - Num
Seconds intBetween Tests - If 'validate_creds' is true, the number of seconds to wait between each test of generated credentials. Defaults to 1.
- Num
Sequential intSuccesses - If 'validate_creds' is true, the number of sequential successes required to validate generated credentials. Defaults to 8.
- Subscription
Id string - The subscription ID to use during credential
validation. Defaults to the subscription ID configured in the Vault
backend. See the caveats section for more information on this field. - Tenant
Id string - The tenant ID to use during credential validation.
Defaults to the tenant ID configured in the Vault
backend. See the caveats section for more information on this field. - Validate
Creds bool - Whether generated credentials should be
validated before being returned. Defaults to
false, which returns credentials without checking whether they have fully propagated throughout Azure Active Directory. Designatingtrueactivates testing.
- backend String
- The path to the Azure secret backend to
read credentials from, with no leading or trailing
/s. - role String
- The name of the Azure secret backend role to read
credentials from, with no leading or trailing
/s. - environment String
- The Azure environment to use during credential validation.
Defaults to the environment configured in the Vault backend.
Some possible values:
AzurePublicCloud,AzureGovernmentCloudSee the caveats section for more information on this field. - max
Cred IntegerValidation Seconds - If 'validate_creds' is true, the number of seconds after which to give up validating credentials. Defaults to 300.
- namespace String
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - num
Seconds IntegerBetween Tests - If 'validate_creds' is true, the number of seconds to wait between each test of generated credentials. Defaults to 1.
- num
Sequential IntegerSuccesses - If 'validate_creds' is true, the number of sequential successes required to validate generated credentials. Defaults to 8.
- subscription
Id String - The subscription ID to use during credential
validation. Defaults to the subscription ID configured in the Vault
backend. See the caveats section for more information on this field. - tenant
Id String - The tenant ID to use during credential validation.
Defaults to the tenant ID configured in the Vault
backend. See the caveats section for more information on this field. - validate
Creds Boolean - Whether generated credentials should be
validated before being returned. Defaults to
false, which returns credentials without checking whether they have fully propagated throughout Azure Active Directory. Designatingtrueactivates testing.
- backend string
- The path to the Azure secret backend to
read credentials from, with no leading or trailing
/s. - role string
- The name of the Azure secret backend role to read
credentials from, with no leading or trailing
/s. - environment string
- The Azure environment to use during credential validation.
Defaults to the environment configured in the Vault backend.
Some possible values:
AzurePublicCloud,AzureGovernmentCloudSee the caveats section for more information on this field. - max
Cred numberValidation Seconds - If 'validate_creds' is true, the number of seconds after which to give up validating credentials. Defaults to 300.
- namespace string
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - num
Seconds numberBetween Tests - If 'validate_creds' is true, the number of seconds to wait between each test of generated credentials. Defaults to 1.
- num
Sequential numberSuccesses - If 'validate_creds' is true, the number of sequential successes required to validate generated credentials. Defaults to 8.
- subscription
Id string - The subscription ID to use during credential
validation. Defaults to the subscription ID configured in the Vault
backend. See the caveats section for more information on this field. - tenant
Id string - The tenant ID to use during credential validation.
Defaults to the tenant ID configured in the Vault
backend. See the caveats section for more information on this field. - validate
Creds boolean - Whether generated credentials should be
validated before being returned. Defaults to
false, which returns credentials without checking whether they have fully propagated throughout Azure Active Directory. Designatingtrueactivates testing.
- backend str
- The path to the Azure secret backend to
read credentials from, with no leading or trailing
/s. - role str
- The name of the Azure secret backend role to read
credentials from, with no leading or trailing
/s. - environment str
- The Azure environment to use during credential validation.
Defaults to the environment configured in the Vault backend.
Some possible values:
AzurePublicCloud,AzureGovernmentCloudSee the caveats section for more information on this field. - max_
cred_ intvalidation_ seconds - If 'validate_creds' is true, the number of seconds after which to give up validating credentials. Defaults to 300.
- namespace str
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - num_
seconds_ intbetween_ tests - If 'validate_creds' is true, the number of seconds to wait between each test of generated credentials. Defaults to 1.
- num_
sequential_ intsuccesses - If 'validate_creds' is true, the number of sequential successes required to validate generated credentials. Defaults to 8.
- subscription_
id str - The subscription ID to use during credential
validation. Defaults to the subscription ID configured in the Vault
backend. See the caveats section for more information on this field. - tenant_
id str - The tenant ID to use during credential validation.
Defaults to the tenant ID configured in the Vault
backend. See the caveats section for more information on this field. - validate_
creds bool - Whether generated credentials should be
validated before being returned. Defaults to
false, which returns credentials without checking whether they have fully propagated throughout Azure Active Directory. Designatingtrueactivates testing.
- backend String
- The path to the Azure secret backend to
read credentials from, with no leading or trailing
/s. - role String
- The name of the Azure secret backend role to read
credentials from, with no leading or trailing
/s. - environment String
- The Azure environment to use during credential validation.
Defaults to the environment configured in the Vault backend.
Some possible values:
AzurePublicCloud,AzureGovernmentCloudSee the caveats section for more information on this field. - max
Cred NumberValidation Seconds - If 'validate_creds' is true, the number of seconds after which to give up validating credentials. Defaults to 300.
- namespace String
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - num
Seconds NumberBetween Tests - If 'validate_creds' is true, the number of seconds to wait between each test of generated credentials. Defaults to 1.
- num
Sequential NumberSuccesses - If 'validate_creds' is true, the number of sequential successes required to validate generated credentials. Defaults to 8.
- subscription
Id String - The subscription ID to use during credential
validation. Defaults to the subscription ID configured in the Vault
backend. See the caveats section for more information on this field. - tenant
Id String - The tenant ID to use during credential validation.
Defaults to the tenant ID configured in the Vault
backend. See the caveats section for more information on this field. - validate
Creds Boolean - Whether generated credentials should be
validated before being returned. Defaults to
false, which returns credentials without checking whether they have fully propagated throughout Azure Active Directory. Designatingtrueactivates testing.
getAccessCredentials Result
The following output properties are available:
- Backend string
- Client
Id string - The client id for credentials to query the Azure APIs.
- Client
Secret string - The client secret for credentials to query the Azure APIs.
- Id string
- The provider-assigned unique ID for this managed resource.
- Lease
Duration int - The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
- Lease
Id string - The lease identifier assigned by Vault.
- Lease
Renewable bool - Lease
Start stringTime - Role string
- Environment string
- Max
Cred intValidation Seconds - Namespace string
- Num
Seconds intBetween Tests - Num
Sequential intSuccesses - Subscription
Id string - Tenant
Id string - Validate
Creds bool
- Backend string
- Client
Id string - The client id for credentials to query the Azure APIs.
- Client
Secret string - The client secret for credentials to query the Azure APIs.
- Id string
- The provider-assigned unique ID for this managed resource.
- Lease
Duration int - The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
- Lease
Id string - The lease identifier assigned by Vault.
- Lease
Renewable bool - Lease
Start stringTime - Role string
- Environment string
- Max
Cred intValidation Seconds - Namespace string
- Num
Seconds intBetween Tests - Num
Sequential intSuccesses - Subscription
Id string - Tenant
Id string - Validate
Creds bool
- backend String
- client
Id String - The client id for credentials to query the Azure APIs.
- client
Secret String - The client secret for credentials to query the Azure APIs.
- id String
- The provider-assigned unique ID for this managed resource.
- lease
Duration Integer - The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
- lease
Id String - The lease identifier assigned by Vault.
- lease
Renewable Boolean - lease
Start StringTime - role String
- environment String
- max
Cred IntegerValidation Seconds - namespace String
- num
Seconds IntegerBetween Tests - num
Sequential IntegerSuccesses - subscription
Id String - tenant
Id String - validate
Creds Boolean
- backend string
- client
Id string - The client id for credentials to query the Azure APIs.
- client
Secret string - The client secret for credentials to query the Azure APIs.
- id string
- The provider-assigned unique ID for this managed resource.
- lease
Duration number - The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
- lease
Id string - The lease identifier assigned by Vault.
- lease
Renewable boolean - lease
Start stringTime - role string
- environment string
- max
Cred numberValidation Seconds - namespace string
- num
Seconds numberBetween Tests - num
Sequential numberSuccesses - subscription
Id string - tenant
Id string - validate
Creds boolean
- backend str
- client_
id str - The client id for credentials to query the Azure APIs.
- client_
secret str - The client secret for credentials to query the Azure APIs.
- id str
- The provider-assigned unique ID for this managed resource.
- lease_
duration int - The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
- lease_
id str - The lease identifier assigned by Vault.
- lease_
renewable bool - lease_
start_ strtime - role str
- environment str
- max_
cred_ intvalidation_ seconds - namespace str
- num_
seconds_ intbetween_ tests - num_
sequential_ intsuccesses - subscription_
id str - tenant_
id str - validate_
creds bool
- backend String
- client
Id String - The client id for credentials to query the Azure APIs.
- client
Secret String - The client secret for credentials to query the Azure APIs.
- id String
- The provider-assigned unique ID for this managed resource.
- lease
Duration Number - The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
- lease
Id String - The lease identifier assigned by Vault.
- lease
Renewable Boolean - lease
Start StringTime - role String
- environment String
- max
Cred NumberValidation Seconds - namespace String
- num
Seconds NumberBetween Tests - num
Sequential NumberSuccesses - subscription
Id String - tenant
Id String - validate
Creds Boolean
Package Details
- Repository
- Vault pulumi/pulumi-vault
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
vaultTerraform Provider.