vault.azure.getAccessCredentials
Caveats
The validate_creds option requires read-access to the backend config endpoint.
If the effective Vault role does not have the required permissions then valid values
are required to be set for: subscription_id, tenant_id, environment.
Example Usage
using System.Collections.Generic;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var creds = Vault.Azure.GetAccessCredentials.Invoke(new()
{
Role = "my-role",
ValidateCreds = true,
NumSequentialSuccesses = 8,
NumSecondsBetweenTests = 1,
MaxCredValidationSeconds = 300,
});
});
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/azure"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := azure.GetAccessCredentials(ctx, &azure.GetAccessCredentialsArgs{
Role: "my-role",
ValidateCreds: pulumi.BoolRef(true),
NumSequentialSuccesses: pulumi.IntRef(8),
NumSecondsBetweenTests: pulumi.IntRef(1),
MaxCredValidationSeconds: pulumi.IntRef(300),
}, nil)
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.azure.AzureFunctions;
import com.pulumi.vault.ad.inputs.GetAccessCredentialsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var creds = AzureFunctions.getAccessCredentials(GetAccessCredentialsArgs.builder()
.role("my-role")
.validateCreds(true)
.numSequentialSuccesses(8)
.numSecondsBetweenTests(1)
.maxCredValidationSeconds(300)
.build());
}
}
import pulumi
import pulumi_vault as vault
creds = vault.azure.get_access_credentials(role="my-role",
validate_creds=True,
num_sequential_successes=8,
num_seconds_between_tests=1,
max_cred_validation_seconds=300)
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const creds = vault.azure.getAccessCredentials({
role: "my-role",
validateCreds: true,
numSequentialSuccesses: 8,
numSecondsBetweenTests: 1,
maxCredValidationSeconds: 300,
});
variables:
creds:
Fn::Invoke:
Function: vault:azure:getAccessCredentials
Arguments:
role: my-role
validateCreds: true
numSequentialSuccesses: 8
numSecondsBetweenTests: 1
maxCredValidationSeconds: 300
Using getAccessCredentials
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getAccessCredentials(args: GetAccessCredentialsArgs, opts?: InvokeOptions): Promise<GetAccessCredentialsResult>
function getAccessCredentialsOutput(args: GetAccessCredentialsOutputArgs, opts?: InvokeOptions): Output<GetAccessCredentialsResult>def get_access_credentials(backend: Optional[str] = None,
environment: Optional[str] = None,
max_cred_validation_seconds: Optional[int] = None,
namespace: Optional[str] = None,
num_seconds_between_tests: Optional[int] = None,
num_sequential_successes: Optional[int] = None,
role: Optional[str] = None,
subscription_id: Optional[str] = None,
tenant_id: Optional[str] = None,
validate_creds: Optional[bool] = None,
opts: Optional[InvokeOptions] = None) -> GetAccessCredentialsResult
def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
environment: Optional[pulumi.Input[str]] = None,
max_cred_validation_seconds: Optional[pulumi.Input[int]] = None,
namespace: Optional[pulumi.Input[str]] = None,
num_seconds_between_tests: Optional[pulumi.Input[int]] = None,
num_sequential_successes: Optional[pulumi.Input[int]] = None,
role: Optional[pulumi.Input[str]] = None,
subscription_id: Optional[pulumi.Input[str]] = None,
tenant_id: Optional[pulumi.Input[str]] = None,
validate_creds: Optional[pulumi.Input[bool]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetAccessCredentialsResult]func GetAccessCredentials(ctx *Context, args *GetAccessCredentialsArgs, opts ...InvokeOption) (*GetAccessCredentialsResult, error)
func GetAccessCredentialsOutput(ctx *Context, args *GetAccessCredentialsOutputArgs, opts ...InvokeOption) GetAccessCredentialsResultOutput> Note: This function is named GetAccessCredentials in the Go SDK.
public static class GetAccessCredentials
{
public static Task<GetAccessCredentialsResult> InvokeAsync(GetAccessCredentialsArgs args, InvokeOptions? opts = null)
public static Output<GetAccessCredentialsResult> Invoke(GetAccessCredentialsInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetAccessCredentialsResult> getAccessCredentials(GetAccessCredentialsArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: vault:azure/getAccessCredentials:getAccessCredentials
arguments:
# arguments dictionaryThe following arguments are supported:
- Backend string
The path to the Azure secret backend to read credentials from, with no leading or trailing
/s.- Role string
The name of the Azure secret backend role to read credentials from, with no leading or trailing
/s.- Environment string
The Azure environment to use during credential validation. Defaults to the environment configured in the Vault backend. Some possible values:
AzurePublicCloud,AzureGovernmentCloudSee the caveats section for more information on this field.- Max
Cred intValidation Seconds If 'validate_creds' is true, the number of seconds after which to give up validating credentials. Defaults to 300.
- Namespace string
The namespace of the target resource. The value should not contain leading or trailing forward slashes. The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.- Num
Seconds intBetween Tests If 'validate_creds' is true, the number of seconds to wait between each test of generated credentials. Defaults to 1.
- Num
Sequential intSuccesses If 'validate_creds' is true, the number of sequential successes required to validate generated credentials. Defaults to 8.
- Subscription
Id string The subscription ID to use during credential validation. Defaults to the subscription ID configured in the Vault
backend. See the caveats section for more information on this field.- Tenant
Id string The tenant ID to use during credential validation. Defaults to the tenant ID configured in the Vault
backend. See the caveats section for more information on this field.- Validate
Creds bool Whether generated credentials should be validated before being returned. Defaults to
false, which returns credentials without checking whether they have fully propagated throughout Azure Active Directory. Designatingtrueactivates testing.
- Backend string
The path to the Azure secret backend to read credentials from, with no leading or trailing
/s.- Role string
The name of the Azure secret backend role to read credentials from, with no leading or trailing
/s.- Environment string
The Azure environment to use during credential validation. Defaults to the environment configured in the Vault backend. Some possible values:
AzurePublicCloud,AzureGovernmentCloudSee the caveats section for more information on this field.- Max
Cred intValidation Seconds If 'validate_creds' is true, the number of seconds after which to give up validating credentials. Defaults to 300.
- Namespace string
The namespace of the target resource. The value should not contain leading or trailing forward slashes. The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.- Num
Seconds intBetween Tests If 'validate_creds' is true, the number of seconds to wait between each test of generated credentials. Defaults to 1.
- Num
Sequential intSuccesses If 'validate_creds' is true, the number of sequential successes required to validate generated credentials. Defaults to 8.
- Subscription
Id string The subscription ID to use during credential validation. Defaults to the subscription ID configured in the Vault
backend. See the caveats section for more information on this field.- Tenant
Id string The tenant ID to use during credential validation. Defaults to the tenant ID configured in the Vault
backend. See the caveats section for more information on this field.- Validate
Creds bool Whether generated credentials should be validated before being returned. Defaults to
false, which returns credentials without checking whether they have fully propagated throughout Azure Active Directory. Designatingtrueactivates testing.
- backend String
The path to the Azure secret backend to read credentials from, with no leading or trailing
/s.- role String
The name of the Azure secret backend role to read credentials from, with no leading or trailing
/s.- environment String
The Azure environment to use during credential validation. Defaults to the environment configured in the Vault backend. Some possible values:
AzurePublicCloud,AzureGovernmentCloudSee the caveats section for more information on this field.- max
Cred IntegerValidation Seconds If 'validate_creds' is true, the number of seconds after which to give up validating credentials. Defaults to 300.
- namespace String
The namespace of the target resource. The value should not contain leading or trailing forward slashes. The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.- num
Seconds IntegerBetween Tests If 'validate_creds' is true, the number of seconds to wait between each test of generated credentials. Defaults to 1.
- num
Sequential IntegerSuccesses If 'validate_creds' is true, the number of sequential successes required to validate generated credentials. Defaults to 8.
- subscription
Id String The subscription ID to use during credential validation. Defaults to the subscription ID configured in the Vault
backend. See the caveats section for more information on this field.- tenant
Id String The tenant ID to use during credential validation. Defaults to the tenant ID configured in the Vault
backend. See the caveats section for more information on this field.- validate
Creds Boolean Whether generated credentials should be validated before being returned. Defaults to
false, which returns credentials without checking whether they have fully propagated throughout Azure Active Directory. Designatingtrueactivates testing.
- backend string
The path to the Azure secret backend to read credentials from, with no leading or trailing
/s.- role string
The name of the Azure secret backend role to read credentials from, with no leading or trailing
/s.- environment string
The Azure environment to use during credential validation. Defaults to the environment configured in the Vault backend. Some possible values:
AzurePublicCloud,AzureGovernmentCloudSee the caveats section for more information on this field.- max
Cred numberValidation Seconds If 'validate_creds' is true, the number of seconds after which to give up validating credentials. Defaults to 300.
- namespace string
The namespace of the target resource. The value should not contain leading or trailing forward slashes. The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.- num
Seconds numberBetween Tests If 'validate_creds' is true, the number of seconds to wait between each test of generated credentials. Defaults to 1.
- num
Sequential numberSuccesses If 'validate_creds' is true, the number of sequential successes required to validate generated credentials. Defaults to 8.
- subscription
Id string The subscription ID to use during credential validation. Defaults to the subscription ID configured in the Vault
backend. See the caveats section for more information on this field.- tenant
Id string The tenant ID to use during credential validation. Defaults to the tenant ID configured in the Vault
backend. See the caveats section for more information on this field.- validate
Creds boolean Whether generated credentials should be validated before being returned. Defaults to
false, which returns credentials without checking whether they have fully propagated throughout Azure Active Directory. Designatingtrueactivates testing.
- backend str
The path to the Azure secret backend to read credentials from, with no leading or trailing
/s.- role str
The name of the Azure secret backend role to read credentials from, with no leading or trailing
/s.- environment str
The Azure environment to use during credential validation. Defaults to the environment configured in the Vault backend. Some possible values:
AzurePublicCloud,AzureGovernmentCloudSee the caveats section for more information on this field.- max_
cred_ intvalidation_ seconds If 'validate_creds' is true, the number of seconds after which to give up validating credentials. Defaults to 300.
- namespace str
The namespace of the target resource. The value should not contain leading or trailing forward slashes. The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.- num_
seconds_ intbetween_ tests If 'validate_creds' is true, the number of seconds to wait between each test of generated credentials. Defaults to 1.
- num_
sequential_ intsuccesses If 'validate_creds' is true, the number of sequential successes required to validate generated credentials. Defaults to 8.
- subscription_
id str The subscription ID to use during credential validation. Defaults to the subscription ID configured in the Vault
backend. See the caveats section for more information on this field.- tenant_
id str The tenant ID to use during credential validation. Defaults to the tenant ID configured in the Vault
backend. See the caveats section for more information on this field.- validate_
creds bool Whether generated credentials should be validated before being returned. Defaults to
false, which returns credentials without checking whether they have fully propagated throughout Azure Active Directory. Designatingtrueactivates testing.
- backend String
The path to the Azure secret backend to read credentials from, with no leading or trailing
/s.- role String
The name of the Azure secret backend role to read credentials from, with no leading or trailing
/s.- environment String
The Azure environment to use during credential validation. Defaults to the environment configured in the Vault backend. Some possible values:
AzurePublicCloud,AzureGovernmentCloudSee the caveats section for more information on this field.- max
Cred NumberValidation Seconds If 'validate_creds' is true, the number of seconds after which to give up validating credentials. Defaults to 300.
- namespace String
The namespace of the target resource. The value should not contain leading or trailing forward slashes. The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.- num
Seconds NumberBetween Tests If 'validate_creds' is true, the number of seconds to wait between each test of generated credentials. Defaults to 1.
- num
Sequential NumberSuccesses If 'validate_creds' is true, the number of sequential successes required to validate generated credentials. Defaults to 8.
- subscription
Id String The subscription ID to use during credential validation. Defaults to the subscription ID configured in the Vault
backend. See the caveats section for more information on this field.- tenant
Id String The tenant ID to use during credential validation. Defaults to the tenant ID configured in the Vault
backend. See the caveats section for more information on this field.- validate
Creds Boolean Whether generated credentials should be validated before being returned. Defaults to
false, which returns credentials without checking whether they have fully propagated throughout Azure Active Directory. Designatingtrueactivates testing.
getAccessCredentials Result
The following output properties are available:
- Backend string
- Client
Id string The client id for credentials to query the Azure APIs.
- Client
Secret string The client secret for credentials to query the Azure APIs.
- Id string
The provider-assigned unique ID for this managed resource.
- Lease
Duration int The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
- Lease
Id string The lease identifier assigned by Vault.
- Lease
Renewable bool - Lease
Start stringTime - Role string
- Environment string
- Max
Cred intValidation Seconds - Namespace string
- Num
Seconds intBetween Tests - Num
Sequential intSuccesses - Subscription
Id string - Tenant
Id string - Validate
Creds bool
- Backend string
- Client
Id string The client id for credentials to query the Azure APIs.
- Client
Secret string The client secret for credentials to query the Azure APIs.
- Id string
The provider-assigned unique ID for this managed resource.
- Lease
Duration int The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
- Lease
Id string The lease identifier assigned by Vault.
- Lease
Renewable bool - Lease
Start stringTime - Role string
- Environment string
- Max
Cred intValidation Seconds - Namespace string
- Num
Seconds intBetween Tests - Num
Sequential intSuccesses - Subscription
Id string - Tenant
Id string - Validate
Creds bool
- backend String
- client
Id String The client id for credentials to query the Azure APIs.
- client
Secret String The client secret for credentials to query the Azure APIs.
- id String
The provider-assigned unique ID for this managed resource.
- lease
Duration Integer The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
- lease
Id String The lease identifier assigned by Vault.
- lease
Renewable Boolean - lease
Start StringTime - role String
- environment String
- max
Cred IntegerValidation Seconds - namespace String
- num
Seconds IntegerBetween Tests - num
Sequential IntegerSuccesses - subscription
Id String - tenant
Id String - validate
Creds Boolean
- backend string
- client
Id string The client id for credentials to query the Azure APIs.
- client
Secret string The client secret for credentials to query the Azure APIs.
- id string
The provider-assigned unique ID for this managed resource.
- lease
Duration number The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
- lease
Id string The lease identifier assigned by Vault.
- lease
Renewable boolean - lease
Start stringTime - role string
- environment string
- max
Cred numberValidation Seconds - namespace string
- num
Seconds numberBetween Tests - num
Sequential numberSuccesses - subscription
Id string - tenant
Id string - validate
Creds boolean
- backend str
- client_
id str The client id for credentials to query the Azure APIs.
- client_
secret str The client secret for credentials to query the Azure APIs.
- id str
The provider-assigned unique ID for this managed resource.
- lease_
duration int The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
- lease_
id str The lease identifier assigned by Vault.
- lease_
renewable bool - lease_
start_ strtime - role str
- environment str
- max_
cred_ intvalidation_ seconds - namespace str
- num_
seconds_ intbetween_ tests - num_
sequential_ intsuccesses - subscription_
id str - tenant_
id str - validate_
creds bool
- backend String
- client
Id String The client id for credentials to query the Azure APIs.
- client
Secret String The client secret for credentials to query the Azure APIs.
- id String
The provider-assigned unique ID for this managed resource.
- lease
Duration Number The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
- lease
Id String The lease identifier assigned by Vault.
- lease
Renewable Boolean - lease
Start StringTime - role String
- environment String
- max
Cred NumberValidation Seconds - namespace String
- num
Seconds NumberBetween Tests - num
Sequential NumberSuccesses - subscription
Id String - tenant
Id String - validate
Creds Boolean
Package Details
- Repository
- Vault pulumi/pulumi-vault
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
vaultTerraform Provider.