HashiCorp Vault v5.10.0, Mar 21 23

vault.azure.getAccessCredentials

Caveats

The validate_creds option requires read access to the backend config endpoint. If the effective Vault role does not have that permission, valid values must be set explicitly for subscription_id, tenant_id, and environment.

Example Usage

using System.Collections.Generic;
using Pulumi;
using Vault = Pulumi.Vault;

// Reads dynamic Azure credentials from the Vault role "my-role" and, because
// ValidateCreds is set, has the provider test them before they are returned.
return await Deployment.RunAsync(() =>
{
    var request = new Vault.Azure.GetAccessCredentialsInvokeArgs
    {
        Role = "my-role",
        // Validation settings: 8 consecutive successful tests, 1 second apart,
        // giving up after 300 seconds. Validation needs read access to the
        // backend config endpoint unless SubscriptionId, TenantId and
        // Environment are supplied here.
        ValidateCreds = true,
        NumSequentialSuccesses = 8,
        NumSecondsBetweenTests = 1,
        MaxCredValidationSeconds = 300,
    };

    // The result carries ClientId and ClientSecret. The secret is a usable
    // Azure credential for the lease duration, so keep it out of logs and
    // plain stack outputs.
    var creds = Vault.Azure.GetAccessCredentials.Invoke(request);

});
package main

import (
	"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/azure"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main reads dynamic Azure credentials from the Vault role "my-role" and asks
// the provider to validate them before the invoke returns.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Validation settings: 8 consecutive successful tests, 1 second apart,
		// giving up after 300 seconds. Validation needs read access to the
		// backend config endpoint unless SubscriptionId, TenantId and
		// Environment are supplied here.
		request := &azure.GetAccessCredentialsArgs{
			Role:                     "my-role",
			ValidateCreds:            pulumi.BoolRef(true),
			NumSequentialSuccesses:   pulumi.IntRef(8),
			NumSecondsBetweenTests:   pulumi.IntRef(1),
			MaxCredValidationSeconds: pulumi.IntRef(300),
		}

		// The result (discarded in this example) carries ClientId and
		// ClientSecret; the secret is a usable Azure credential for the lease
		// duration, so keep it out of logs and plain stack outputs.
		_, err := azure.GetAccessCredentials(ctx, request, nil)
		return err
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.azure.AzureFunctions;
import com.pulumi.vault.ad.inputs.GetAccessCredentialsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

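/**
 * Pulumi program that reads dynamic Azure credentials from the Vault role
 * "my-role" with credential validation enabled.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Invokes the Azure getAccessCredentials function with validation settings
     * of 8 consecutive successful tests, 1 second apart, giving up after
     * 300 seconds.
     *
     * @param ctx the Pulumi program context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        // The args type is fully qualified on purpose: this file imports
        // GetAccessCredentialsArgs from the `ad` module, but
        // AzureFunctions.getAccessCredentials belongs to the `azure` module and
        // the validation options used below are Azure arguments.
        //
        // The result carries clientId and clientSecret; the secret is a usable
        // Azure credential for the lease duration, so keep it out of logs and
        // plain stack outputs.
        final var creds = AzureFunctions.getAccessCredentials(
            com.pulumi.vault.azure.inputs.GetAccessCredentialsArgs.builder()
                .role("my-role")
                .validateCreds(true)
                .numSequentialSuccesses(8)
                .numSecondsBetweenTests(1)
                .maxCredValidationSeconds(300)
                .build());

    }
}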
import pulumi
import pulumi_vault as vault

# Validation settings: 8 consecutive successful tests, 1 second apart, giving
# up after 300 seconds. Validation needs read access to the backend config
# endpoint unless subscription_id, tenant_id and environment are supplied.
validation_options = {
    "validate_creds": True,
    "num_sequential_successes": 8,
    "num_seconds_between_tests": 1,
    "max_cred_validation_seconds": 300,
}

# The result carries client_id and client_secret. The secret is a usable Azure
# credential for the lease duration, so keep it out of logs and plain stack
# outputs.
creds = vault.azure.get_access_credentials(role="my-role", **validation_options)
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

// Validation settings: 8 consecutive successful tests, 1 second apart, giving
// up after 300 seconds. Validation needs read access to the backend config
// endpoint unless subscriptionId, tenantId and environment are supplied.
const request: vault.azure.GetAccessCredentialsArgs = {
    role: "my-role",
    validateCreds: true,
    numSequentialSuccesses: 8,
    numSecondsBetweenTests: 1,
    maxCredValidationSeconds: 300,
};

// The result carries clientId and clientSecret. The secret is a usable Azure
// credential for the lease duration, so keep it out of logs and plain stack
// outputs.
const creds = vault.azure.getAccessCredentials(request);
# Reads dynamic Azure credentials from the Vault role "my-role" into the
# program variable `creds`. The result carries clientId and clientSecret; the
# secret is a usable Azure credential for the lease duration, so keep it out of
# logs and plain stack outputs.
variables:
  creds:
    Fn::Invoke:
      Function: vault:azure:getAccessCredentials
      Arguments:
        role: my-role
        # Validation settings: 8 consecutive successful tests, 1 second apart,
        # giving up after 300 seconds. Validation needs read access to the
        # backend config endpoint unless subscriptionId, tenantId and
        # environment are supplied here.
        validateCreds: true
        numSequentialSuccesses: 8
        numSecondsBetweenTests: 1
        maxCredValidationSeconds: 300

Using getAccessCredentials

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getAccessCredentials(args: GetAccessCredentialsArgs, opts?: InvokeOptions): Promise<GetAccessCredentialsResult>
function getAccessCredentialsOutput(args: GetAccessCredentialsOutputArgs, opts?: InvokeOptions): Output<GetAccessCredentialsResult>
def get_access_credentials(backend: Optional[str] = None,
                           environment: Optional[str] = None,
                           max_cred_validation_seconds: Optional[int] = None,
                           namespace: Optional[str] = None,
                           num_seconds_between_tests: Optional[int] = None,
                           num_sequential_successes: Optional[int] = None,
                           role: Optional[str] = None,
                           subscription_id: Optional[str] = None,
                           tenant_id: Optional[str] = None,
                           validate_creds: Optional[bool] = None,
                           opts: Optional[InvokeOptions] = None) -> GetAccessCredentialsResult
def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
                           environment: Optional[pulumi.Input[str]] = None,
                           max_cred_validation_seconds: Optional[pulumi.Input[int]] = None,
                           namespace: Optional[pulumi.Input[str]] = None,
                           num_seconds_between_tests: Optional[pulumi.Input[int]] = None,
                           num_sequential_successes: Optional[pulumi.Input[int]] = None,
                           role: Optional[pulumi.Input[str]] = None,
                           subscription_id: Optional[pulumi.Input[str]] = None,
                           tenant_id: Optional[pulumi.Input[str]] = None,
                           validate_creds: Optional[pulumi.Input[bool]] = None,
                           opts: Optional[InvokeOptions] = None) -> Output[GetAccessCredentialsResult]
func GetAccessCredentials(ctx *Context, args *GetAccessCredentialsArgs, opts ...InvokeOption) (*GetAccessCredentialsResult, error)
func GetAccessCredentialsOutput(ctx *Context, args *GetAccessCredentialsOutputArgs, opts ...InvokeOption) GetAccessCredentialsResultOutput

> Note: This function is named GetAccessCredentials in the Go SDK.

public static class GetAccessCredentials 
{
    public static Task<GetAccessCredentialsResult> InvokeAsync(GetAccessCredentialsArgs args, InvokeOptions? opts = null)
    public static Output<GetAccessCredentialsResult> Invoke(GetAccessCredentialsInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetAccessCredentialsResult> getAccessCredentials(GetAccessCredentialsArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
  function: vault:azure/getAccessCredentials:getAccessCredentials
  arguments:
    # arguments dictionary

The following arguments are supported:

Backend string

The path to the Azure secret backend to read credentials from, with no leading or trailing /s.

Role string

The name of the Azure secret backend role to read credentials from, with no leading or trailing /s.

Environment string

The Azure environment to use during credential validation. Defaults to the environment configured in the Vault backend. Some possible values: AzurePublicCloud, AzureGovernmentCloud. See the caveats section for more information on this field.

MaxCredValidationSeconds int

If 'validate_creds' is true, the number of seconds after which to give up validating credentials. Defaults to 300.

Namespace string

The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

NumSecondsBetweenTests int

If 'validate_creds' is true, the number of seconds to wait between each test of generated credentials. Defaults to 1.

NumSequentialSuccesses int

If 'validate_creds' is true, the number of sequential successes required to validate generated credentials. Defaults to 8.

SubscriptionId string

The subscription ID to use during credential validation. Defaults to the subscription ID configured in the Vault backend. See the caveats section for more information on this field.

TenantId string

The tenant ID to use during credential validation. Defaults to the tenant ID configured in the Vault backend. See the caveats section for more information on this field.

ValidateCreds bool

Whether generated credentials should be validated before being returned. Defaults to false, which returns credentials without checking whether they have fully propagated throughout Azure Active Directory. Setting this to true enables that validation.

Backend string

The path to the Azure secret backend to read credentials from, with no leading or trailing /s.

Role string

The name of the Azure secret backend role to read credentials from, with no leading or trailing /s.

Environment string

The Azure environment to use during credential validation. Defaults to the environment configured in the Vault backend. Some possible values: AzurePublicCloud, AzureGovernmentCloud. See the caveats section for more information on this field.

MaxCredValidationSeconds int

If 'validate_creds' is true, the number of seconds after which to give up validating credentials. Defaults to 300.

Namespace string

The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

NumSecondsBetweenTests int

If 'validate_creds' is true, the number of seconds to wait between each test of generated credentials. Defaults to 1.

NumSequentialSuccesses int

If 'validate_creds' is true, the number of sequential successes required to validate generated credentials. Defaults to 8.

SubscriptionId string

The subscription ID to use during credential validation. Defaults to the subscription ID configured in the Vault backend. See the caveats section for more information on this field.

TenantId string

The tenant ID to use during credential validation. Defaults to the tenant ID configured in the Vault backend. See the caveats section for more information on this field.

ValidateCreds bool

Whether generated credentials should be validated before being returned. Defaults to false, which returns credentials without checking whether they have fully propagated throughout Azure Active Directory. Setting this to true enables that validation.

backend String

The path to the Azure secret backend to read credentials from, with no leading or trailing /s.

role String

The name of the Azure secret backend role to read credentials from, with no leading or trailing /s.

environment String

The Azure environment to use during credential validation. Defaults to the environment configured in the Vault backend. Some possible values: AzurePublicCloud, AzureGovernmentCloud. See the caveats section for more information on this field.

maxCredValidationSeconds Integer

If 'validate_creds' is true, the number of seconds after which to give up validating credentials. Defaults to 300.

namespace String

The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

numSecondsBetweenTests Integer

If 'validate_creds' is true, the number of seconds to wait between each test of generated credentials. Defaults to 1.

numSequentialSuccesses Integer

If 'validate_creds' is true, the number of sequential successes required to validate generated credentials. Defaults to 8.

subscriptionId String

The subscription ID to use during credential validation. Defaults to the subscription ID configured in the Vault backend. See the caveats section for more information on this field.

tenantId String

The tenant ID to use during credential validation. Defaults to the tenant ID configured in the Vault backend. See the caveats section for more information on this field.

validateCreds Boolean

Whether generated credentials should be validated before being returned. Defaults to false, which returns credentials without checking whether they have fully propagated throughout Azure Active Directory. Setting this to true enables that validation.

backend string

The path to the Azure secret backend to read credentials from, with no leading or trailing /s.

role string

The name of the Azure secret backend role to read credentials from, with no leading or trailing /s.

environment string

The Azure environment to use during credential validation. Defaults to the environment configured in the Vault backend. Some possible values: AzurePublicCloud, AzureGovernmentCloud. See the caveats section for more information on this field.

maxCredValidationSeconds number

If 'validate_creds' is true, the number of seconds after which to give up validating credentials. Defaults to 300.

namespace string

The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

numSecondsBetweenTests number

If 'validate_creds' is true, the number of seconds to wait between each test of generated credentials. Defaults to 1.

numSequentialSuccesses number

If 'validate_creds' is true, the number of sequential successes required to validate generated credentials. Defaults to 8.

subscriptionId string

The subscription ID to use during credential validation. Defaults to the subscription ID configured in the Vault backend. See the caveats section for more information on this field.

tenantId string

The tenant ID to use during credential validation. Defaults to the tenant ID configured in the Vault backend. See the caveats section for more information on this field.

validateCreds boolean

Whether generated credentials should be validated before being returned. Defaults to false, which returns credentials without checking whether they have fully propagated throughout Azure Active Directory. Setting this to true enables that validation.

backend str

The path to the Azure secret backend to read credentials from, with no leading or trailing /s.

role str

The name of the Azure secret backend role to read credentials from, with no leading or trailing /s.

environment str

The Azure environment to use during credential validation. Defaults to the environment configured in the Vault backend. Some possible values: AzurePublicCloud, AzureGovernmentCloud. See the caveats section for more information on this field.

max_cred_validation_seconds int

If 'validate_creds' is true, the number of seconds after which to give up validating credentials. Defaults to 300.

namespace str

The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

num_seconds_between_tests int

If 'validate_creds' is true, the number of seconds to wait between each test of generated credentials. Defaults to 1.

num_sequential_successes int

If 'validate_creds' is true, the number of sequential successes required to validate generated credentials. Defaults to 8.

subscription_id str

The subscription ID to use during credential validation. Defaults to the subscription ID configured in the Vault backend. See the caveats section for more information on this field.

tenant_id str

The tenant ID to use during credential validation. Defaults to the tenant ID configured in the Vault backend. See the caveats section for more information on this field.

validate_creds bool

Whether generated credentials should be validated before being returned. Defaults to false, which returns credentials without checking whether they have fully propagated throughout Azure Active Directory. Setting this to true enables that validation.

backend String

The path to the Azure secret backend to read credentials from, with no leading or trailing /s.

role String

The name of the Azure secret backend role to read credentials from, with no leading or trailing /s.

environment String

The Azure environment to use during credential validation. Defaults to the environment configured in the Vault backend. Some possible values: AzurePublicCloud, AzureGovernmentCloud. See the caveats section for more information on this field.

maxCredValidationSeconds Number

If 'validate_creds' is true, the number of seconds after which to give up validating credentials. Defaults to 300.

namespace String

The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

numSecondsBetweenTests Number

If 'validate_creds' is true, the number of seconds to wait between each test of generated credentials. Defaults to 1.

numSequentialSuccesses Number

If 'validate_creds' is true, the number of sequential successes required to validate generated credentials. Defaults to 8.

subscriptionId String

The subscription ID to use during credential validation. Defaults to the subscription ID configured in the Vault backend. See the caveats section for more information on this field.

tenantId String

The tenant ID to use during credential validation. Defaults to the tenant ID configured in the Vault backend. See the caveats section for more information on this field.

validateCreds Boolean

Whether generated credentials should be validated before being returned. Defaults to false, which returns credentials without checking whether they have fully propagated throughout Azure Active Directory. Setting this to true enables that validation.

getAccessCredentials Result

The following output properties are available:

Backend string
ClientId string

The client id for credentials to query the Azure APIs.

ClientSecret string

The client secret for credentials to query the Azure APIs.

Id string

The provider-assigned unique ID for this managed resource.

LeaseDuration int

The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.

LeaseId string

The lease identifier assigned by Vault.

LeaseRenewable bool
LeaseStartTime string
Role string
Environment string
MaxCredValidationSeconds int
Namespace string
NumSecondsBetweenTests int
NumSequentialSuccesses int
SubscriptionId string
TenantId string
ValidateCreds bool
Backend string
ClientId string

The client id for credentials to query the Azure APIs.

ClientSecret string

The client secret for credentials to query the Azure APIs.

Id string

The provider-assigned unique ID for this managed resource.

LeaseDuration int

The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.

LeaseId string

The lease identifier assigned by Vault.

LeaseRenewable bool
LeaseStartTime string
Role string
Environment string
MaxCredValidationSeconds int
Namespace string
NumSecondsBetweenTests int
NumSequentialSuccesses int
SubscriptionId string
TenantId string
ValidateCreds bool
backend String
clientId String

The client id for credentials to query the Azure APIs.

clientSecret String

The client secret for credentials to query the Azure APIs.

id String

The provider-assigned unique ID for this managed resource.

leaseDuration Integer

The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.

leaseId String

The lease identifier assigned by Vault.

leaseRenewable Boolean
leaseStartTime String
role String
environment String
maxCredValidationSeconds Integer
namespace String
numSecondsBetweenTests Integer
numSequentialSuccesses Integer
subscriptionId String
tenantId String
validateCreds Boolean
backend string
clientId string

The client id for credentials to query the Azure APIs.

clientSecret string

The client secret for credentials to query the Azure APIs.

id string

The provider-assigned unique ID for this managed resource.

leaseDuration number

The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.

leaseId string

The lease identifier assigned by Vault.

leaseRenewable boolean
leaseStartTime string
role string
environment string
maxCredValidationSeconds number
namespace string
numSecondsBetweenTests number
numSequentialSuccesses number
subscriptionId string
tenantId string
validateCreds boolean
backend str
client_id str

The client id for credentials to query the Azure APIs.

client_secret str

The client secret for credentials to query the Azure APIs.

id str

The provider-assigned unique ID for this managed resource.

lease_duration int

The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.

lease_id str

The lease identifier assigned by Vault.

lease_renewable bool
lease_start_time str
role str
environment str
max_cred_validation_seconds int
namespace str
num_seconds_between_tests int
num_sequential_successes int
subscription_id str
tenant_id str
validate_creds bool
backend String
clientId String

The client id for credentials to query the Azure APIs.

clientSecret String

The client secret for credentials to query the Azure APIs.

id String

The provider-assigned unique ID for this managed resource.

leaseDuration Number

The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.

leaseId String

The lease identifier assigned by Vault.

leaseRenewable Boolean
leaseStartTime String
role String
environment String
maxCredValidationSeconds Number
namespace String
numSecondsBetweenTests Number
numSequentialSuccesses Number
subscriptionId String
tenantId String
validateCreds Boolean

Package Details

Repository
Vault pulumi/pulumi-vault
License
Apache-2.0
Notes

This Pulumi package is based on the vault Terraform Provider.